Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,168 vulnerabilities with CWE-22

CVE-2023-46749 MEDIUM

Apache Shiro <1.13.0, <2.0.0-alpha-4 - Path Traversal

CVE-2023-48383 HIGH

NetVision airPASS - Unauthenticated Path Traversal via URL Parameter

CVE-2023-52289 HIGH

flaskcode < 0.0.8 - Unauthenticated Path Traversal and Arbitrary File Write via /update-resource-data Endpoint

CVE-2023-52288 HIGH

flaskcode < 0.0.8 - Unauthenticated Path Traversal via /resource-data Endpoint

CVE-2023-48166 HIGH

Unify OpenScape Voice V10 < V10R3.26.1 - Unauthenticated Path Traversal via SOAP Server

CVE-2023-49801 MEDIUM

lif_auth_server < 1.4.0 - Path Traversal via get_pfp and get_banner Routes

CVE-2023-31036 HIGH

NVIDIA Triton Inference Server - Path Traversal

CVE-2023-49569 CRITICAL

go-git < 5.11.0 - Path Traversal and Remote Code Execution via ChrootOS Filesystem

CVE-2023-6583 MEDIUM

Import and export users and customers <= 1.24.2 - Path Traversal and Arbitrary File Read/Delete

CVE-2023-5504 HIGH

BackWPup <= 4.0.1 - Authenticated Directory Traversal via Log File Folder

CVE-2023-6699 CRITICAL

WP Compress - Image Optimizer <= 6.10.33 - Unauthenticated Directory Traversal via CSS Parameter

CVE-2023-40439 LOW

iPadOS < 16.6 - Unprotected User Data Exposure via Log Entry Path Traversal

CVE-2023-40383 LOW

macOS < 13.3 - Unprotected User Data Exposure via Path Handling Issue

CVE-2023-51127 HIGH

FLIR AX8 Firmware <= 1.46.16 - Unauthenticated Directory Traversal via Symbolic Link Upload

CVE-2023-50916 HIGH

Kyocera Device Manager < 3.1.1213.0 - NTLM Credential Exposure via UNC Path Authentication Bypass

CVE-2023-37932 MEDIUM

FortiVoice 7.0.0 and < 6.4.7 - Authenticated Path Traversal via HTTP/HTTPS Requests

CVE-2023-48249 MEDIUM

Bosch nexo-os < 1500-sp2 - Authenticated Path Traversal via Crafted HTTP Request

CVE-2023-48246 MEDIUM

Bosch NEXO-OS 1000-1500-sp2 - Path Traversal and Arbitrary File Read via Crafted HTTP Request

CVE-2023-48243 HIGH

Bosch nexo-os < 1500-sp2 - Unauthenticated Path Traversal and Remote Code Execution via Crafted HTTP Request

CVE-2023-48242 MEDIUM

Bosch nexo-os 1000-1500-sp2 - Authenticated Path Traversal

CVE-2023-47890 HIGH

pyload 0.5.0 - Unauthenticated Path Traversal via Unrestricted File Upload

CVE-2023-47211 CRITICAL

ManageEngine Firewall Analyzer < 12.7 - Path Traversal and Arbitrary File Write via MIB Upload

CVE-2023-29962 MEDIUM

S-CMS v5.0 - Arbitrary File Read via Path Traversal

CVE-2023-37607 HIGH

Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 - Path Traversal via csvServer.php dir Parameter

CVE-2023-47473 HIGH

fuwushe iFair < 23.8_ad0 - Path Traversal via Crafted Script

Previous Page 132 of 367 Next

Details

Vulnerabilities 9,168

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy