Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,161 vulnerabilities with CWE-22

CVE-2024-22415 HIGH

jupyter-lsp < 2.2.2 - Unauthenticated Improper Access Control

CVE-2024-0354 MEDIUM

unknown-o Download Station <=1.1.8 - Path Traversal

CVE-2024-0341 LOW

inis_project/inis < 2.0.1 - Path Traversal via GET Request Handler

CVE-2024-22050 HIGH

Iodine < 0.7.33 - Unauthenticated Path Traversal via Static File Service

CVE-2024-20805 LOW

MyFiles <SMR Jan-2024 Release 1 - Path Traversal

CVE-2024-20804 MEDIUM

MyFiles <SMR Jan-2024 Release 1 - Path Traversal

CVE-2024-21633 HIGH

apktool < 2.9.2 - Path Traversal via Resource File Output Path Manipulation

CVE-2023-7335 HIGH

EduSoho < 22.4.7 - Unauthenticated Arbitrary File Read via Classroom-Course-Statistics Export

CVE-2023-53979 HIGH

MyBB 1.8.32 - Authenticated Remote Code Execution via Chained Avatar Upload and Language Configuration

CVE-2023-53962 HIGH

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Path Traversal

CVE-2023-53944 MEDIUM

EasyPHP Webserver 14.1 - Path Traversal

CVE-2023-53907 MEDIUM

Bludit <3.13.1 - Authenticated File Download

CVE-2023-53902 MEDIUM

WebsiteBaker 2.13.3 - Path Traversal

CVE-2023-53772 HIGH

MiniDVBLinux 5.4 - Arbitrary File Read via About Page File Parameter

CVE-2023-7327 HIGH

Ozeki SMS Gateway <=10.3.208 - Path Traversal

CVE-2023-7309 CRITICAL

Dahua Smart Park Integrated Management Platform - Path Traversal

CVE-2023-39339 MEDIUM

Ivanti Policy Secure < 22.6R1 - Authenticated Arbitrary File Read via Path Traversal

CVE-2023-51232 HIGH

Dagster < 1.5.11 - Directory Traversal via /logs Endpoint

CVE-2023-42961 MEDIUM

iPadOS < 16.7 - Sandbox Restriction Bypass via Path Handling Issue

CVE-2023-46988 MEDIUM

ONLYOFFICE Document Server <8.0.1 - Path Traversal

CVE-2023-0092 MEDIUM

juju 2.9.22-2.9.38 - Authenticated Path Traversal

CVE-2023-38012 MEDIUM

IBM Cloud Pak System 2.3.3.6-2.3.4.0 - Path Traversal via URL Request

CVE-2023-42232 HIGH

HelpdeskAdvanced <= 11.0.33 - Path Traversal via Navigator/Index Function

CVE-2023-42229 MEDIUM

HelpdeskAdvanced <= 11.0.33 - Authenticated Path Traversal via WSConnector SOAP Requests

CVE-2023-42227 HIGH

HelpdeskAdvanced <= 11.0.33 - Path Traversal via WSCView/Save Function

Previous Page 125 of 367 Next

Details

Vulnerabilities 9,161

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy