Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,161 vulnerabilities with CWE-22

CVE-2023-42226 HIGH

HelpdeskAdvanced <= 11.0.33 - Path Traversal via Email/SaveAttachment Function

CVE-2023-42225 HIGH

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 - Path Traversal via Attachment/DownloadTempFile

CVE-2023-52953 MEDIUM

Huawei EMUI and HarmonyOS - Path Traversal in Medialibrary Module

CVE-2023-6947 HIGH

FooGallery < 2.4.27 - Authenticated Directory Traversal

CVE-2023-52334 MEDIUM

Allegra < 7.5.1 - Authenticated Path Traversal and Information Disclosure via downloadAttachmentGlobal

CVE-2023-52333 HIGH

Allegra < 7.5.1 - Authenticated Path Traversal and Remote Code Execution via saveFile Method

CVE-2023-52332 HIGH

Allegra < 7.5.1 - Unauthenticated Path Traversal and Information Disclosure via serveMathJaxLibraries

CVE-2023-51648 MEDIUM

Allegra < 7.5.1 - Authenticated Path Traversal and Information Disclosure via getFileContentAsString

CVE-2023-51647 MEDIUM

Allegra < 7.5.1 - Path Traversal and Remote Code Execution via saveInlineEdit Method

CVE-2023-51646 MEDIUM

Allegra < 7.5.1 - Remote Code Execution via uploadSimpleFile Path Traversal

CVE-2023-51645 MEDIUM

Allegra <= 7.5.1 unzipFile - Path Traversal Code Execution

CVE-2023-51643 MEDIUM

Allegra < 7.5.1 - Authenticated Path Traversal and Remote Code Execution via uploadFile Method

CVE-2023-51640 MEDIUM

Allegra < 7.5.1 - Remote Code Execution via extractZippedFile Path Traversal

CVE-2023-51639 CRITICAL

Allegra < 7.5.1 - Unauthenticated Path Traversal via downloadExportedChart Action

CVE-2023-26691 HIGH

CS-Cart MultiVendor <4.16.1 - Path Traversal

CVE-2023-26687 HIGH

CS-Cart MultiVendor <4.16.1 - Path Traversal

CVE-2023-30584 HIGH

Node.js < 20.3.1 - Path Traversal Bypass in Experimental Permission Model

CVE-2023-51366 HIGH

QNAP QTS and QuTS hero - Path Traversal and Sensitive Data Exposure

CVE-2023-26321 MEDIUM

Xiaomi File Manager - Path Traversal

CVE-2023-7260 HIGH

OpenText CX-E Voice <= 22.4 - Path Traversal

CVE-2023-5505 MEDIUM

BackWPup <= 4.0.1 - Authenticated Directory Traversal via Backup Folder

CVE-2023-7249 CRITICAL

OpenText Directory Services 16.4.2-24.1 - Path Traversal

CVE-2023-47803 MEDIUM

Synology BC500 and TC500 Firmware < 1.0.7-0298 - Path Traversal in Language Settings

CVE-2023-49793 MEDIUM

CodeChecker < 6.23.0 - Authenticated Path Traversal via Mass Store Run Endpoint

CVE-2023-45197 CRITICAL

AdminerEvo < 4.8.3 - Path Traversal and Arbitrary File Write via File Upload Plugin

Previous Page 126 of 367 Next

Details

Vulnerabilities 9,161

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy