Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,168 vulnerabilities with CWE-22

CVE-2023-50885 MEDIUM

AGILELOGIX Store Locator <1.4.14 - Path Traversal

CVE-2023-47843 HIGH

CataBlog <= 1.7.0 - Path Traversal and Arbitrary File Deletion

CVE-2023-3675 MEDIUM

Secomea GateManager <11.0.623373051 - Path Traversal

CVE-2023-38511 MEDIUM

iTop 3.0.0-3.0.3 - Path Traversal and Information Disclosure via Dashboard Editor

CVE-2023-52144 MEDIUM

RexTheme Product Feed Manager <7.3.15 - Path Traversal

CVE-2023-47541 MEDIUM

FortiSandbox 2.0-4.2.6, 4.4.0-4.4.2 - Path Traversal via CLI

CVE-2023-52544 MEDIUM

Huawei EMUI and HarmonyOS - Path Traversal via Email Module

CVE-2023-35812 MEDIUM

OpenSSH <7.4p1-22.78.amzn1,7.4p1-22.amzn2.0.2 - Info Disclosure

CVE-2023-25341 MEDIUM

Ladle dev server <2.5.1 - Path Traversal

CVE-2023-42947 HIGH

macOS Monterey <12.7.2 - Privilege Escalation

CVE-2023-0582 HIGH

ForgeRock Access Management < 7.3.0, < 7.2.1, < 7.1.4, <= 7.0.2 - Path Traversal and Authorization Bypass

CVE-2023-52623 MEDIUM

Linux Kernel 4.9-4.19.307 - Use-After-Free in SUNRPC Multipath XPRT Handling

CVE-2023-41973 HIGH

Zscaler Client Connector < 4.3.0.121 - Path Traversal via TrayManager Config Parameter

CVE-2023-41877 HIGH

GeoServer < 2.23.4 - Authenticated Path Traversal via Log File Location Misconfiguration

CVE-2023-40279 HIGH

OpenClinic GA 5.247.01 - Authenticated Path Traversal via Page Parameter

CVE-2023-40280 HIGH

OpenClinic GA 5.247.01 - Authenticated Path Traversal via Page Parameter in popup.jsp

CVE-2023-40747 HIGH

A.K.I Software's PMailServer/PMailServer2 - Path Traversal

CVE-2023-40160 LOW

A.K.I Software PMailServer/PMailServer2 - Path Traversal

CVE-2023-6825 CRITICAL

File Manager (Free <=7.2.1, Pro <=8.3.4) - Directory Traversal & Arbitrary File Upload

CVE-2023-47221 MEDIUM

QNAP Photo Station 6.4.0-6.4.1 - Authenticated Path Traversal

CVE-2023-38366 MEDIUM

IBM Filenet Content Manager Component <5.5.11.0 - Path Traversal

CVE-2023-7207 MEDIUM

GNU cpio - Path Traversal via --no-absolute-filenames Option

CVE-2023-49960 HIGH

indu-sol PROFINET-INspektor NT < 2.4.0 - Path Traversal and Arbitrary File Write via httpuploadd Upload Endpoint

CVE-2023-24416 MEDIUM

Arne Franken All In One Favicon <4.7 - Path Traversal

CVE-2023-50955 LOW

IBM InfoSphere Information Server 11.7 - Authenticated Path Traversal

Previous Page 130 of 367 Next

Details

Vulnerabilities 9,168

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy