Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,168 vulnerabilities with CWE-22

CVE-2023-45723 HIGH

HCL DRYiCE MyXalytics - Path Traversal via File Upload Endpoint

CVE-2023-45722 HIGH

HCL DRYiCE MyXalytics - Path Traversal and Arbitrary File Read

CVE-2023-41780 MEDIUM

ZTE ZXCLOUD iRAI < 7.23.32 - Unauthenticated DLL Loading Path Traversal

CVE-2023-7114 HIGH

Mattermost < 2.10.1 - Cross-Site Request Forgery via Deeplink Path

CVE-2023-52085 LOW

Winter <1.2.3 - Local File Inclusion

CVE-2023-7134 MEDIUM

SourceCodester Medicine Tracking System 1.0 - Path Traversal via Page Parameter

CVE-2023-50255 CRITICAL

deepin-compressor < 5.12.21 - Path Traversal and Remote Code Execution via Crafted Archive

CVE-2023-6190 CRITICAL

University Information Management System <30.11.2023 - Path Traversal

CVE-2023-5991 CRITICAL

Hotel Booking Lite < 4.8.5 - Unauthenticated Path Traversal and Arbitrary File Deletion

CVE-2023-5672 MEDIUM

WP Mail Log < 1.1.3 - Local File Inclusion via Email Attachment Path Parameter

CVE-2023-30451 MEDIUM

TYPO3 11.5.24 - Authenticated Path Traversal via Filelist BaseURI Parameter

CVE-2023-6972 CRITICAL

Backup Migration < 1.3.9 - Unauthenticated Path Traversal via HTTP Headers

CVE-2023-51651 MEDIUM

AWS SDK for PHP <3.288.1 - Path Traversal

CVE-2023-51449 MEDIUM

gradio < 4.11.0 - Path Traversal via /file Route

CVE-2023-50731 CRITICAL

MindsDB < 23.11.4.1 - Path Traversal and Arbitrary File Write via File Upload Name Parameter

CVE-2023-50254 CRITICAL

deepin_reader < 6.0.7 - Remote Code Execution via Crafted DOCX File

CVE-2023-46645 MEDIUM

GitHub Enterprise Server <3.7.19-3.11.1 - Path Traversal

CVE-2023-6562 HIGH

Kakadu SDK 4.4-8.4 - Path Traversal via JPX Fragment List Box

CVE-2023-47702 MEDIUM

IBM Security Guardium Key Lifecycle Manager 4.2.0-4.2.0.2 - Path Traversal via URL Request

CVE-2023-38126 HIGH

Softing edgeAggregator - Authenticated Remote Code Execution via Backup Zip File Path Traversal

CVE-2023-6222 HIGH

Quttera Web Malware Scanner WP <3.4.2.1 - Path Traversal

CVE-2023-46177 MEDIUM

IBM MQ Appliance <9.3 - Path Traversal

CVE-2023-5115 MEDIUM

Ansible Automation Platform - Path Traversal via Malicious Role Symlink

CVE-2023-6908 LOW

DFIRKuiper Kuiper 2.3.4 - Path Traversal in TAR Archive Handler

CVE-2023-6900 MEDIUM

rmountjoy92 DashMachine 0.5-4 - Path Traversal via /settings/delete_file Endpoint

Previous Page 133 of 367 Next

Details

Vulnerabilities 9,168

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy