Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,205 vulnerabilities with CWE-22

CVE-2023-51127 HIGH

FLIR AX8 Firmware <= 1.46.16 - Unauthenticated Directory Traversal via Symbolic Link Upload

CVE-2023-50916 HIGH

Kyocera Device Manager < 3.1.1213.0 - NTLM Credential Exposure via UNC Path Authentication Bypass

CVE-2023-37932 MEDIUM

FortiVoice 7.0.0 and < 6.4.7 - Authenticated Path Traversal via HTTP/HTTPS Requests

CVE-2023-48249 MEDIUM

Bosch nexo-os < 1500-sp2 - Authenticated Path Traversal via Crafted HTTP Request

CVE-2023-48246 MEDIUM

Bosch NEXO-OS 1000-1500-sp2 - Path Traversal and Arbitrary File Read via Crafted HTTP Request

CVE-2023-48243 HIGH

Bosch nexo-os < 1500-sp2 - Unauthenticated Path Traversal and Remote Code Execution via Crafted HTTP Request

CVE-2023-48242 MEDIUM

Bosch nexo-os 1000-1500-sp2 - Authenticated Path Traversal

CVE-2023-47890 HIGH

pyload 0.5.0 - Unauthenticated Path Traversal via Unrestricted File Upload

CVE-2023-47211 CRITICAL

ManageEngine Firewall Analyzer < 12.7 - Path Traversal and Arbitrary File Write via MIB Upload

CVE-2023-29962 MEDIUM

S-CMS v5.0 - Arbitrary File Read via Path Traversal

CVE-2023-37607 HIGH

Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 - Path Traversal via csvServer.php dir Parameter

CVE-2023-47473 HIGH

fuwushe iFair < 23.8_ad0 - Path Traversal via Crafted Script

CVE-2023-45723 HIGH

HCL DRYiCE MyXalytics - Path Traversal via File Upload Endpoint

CVE-2023-45722 HIGH

HCL DRYiCE MyXalytics - Path Traversal and Arbitrary File Read

CVE-2023-41780 MEDIUM

ZTE ZXCLOUD iRAI < 7.23.32 - Unauthenticated DLL Loading Path Traversal

CVE-2023-7114 HIGH

Mattermost < 2.10.1 - Cross-Site Request Forgery via Deeplink Path

CVE-2023-52085 LOW

Winter <1.2.3 - Local File Inclusion

CVE-2023-7134 MEDIUM

SourceCodester Medicine Tracking System 1.0 - Path Traversal via Page Parameter

CVE-2023-50255 CRITICAL

deepin-compressor < 5.12.21 - Path Traversal and Remote Code Execution via Crafted Archive

CVE-2023-6190 CRITICAL

University Information Management System <30.11.2023 - Path Traversal

CVE-2023-5991 CRITICAL

Hotel Booking Lite < 4.8.5 - Unauthenticated Path Traversal and Arbitrary File Deletion

CVE-2023-5672 MEDIUM

WP Mail Log < 1.1.3 - Local File Inclusion via Email Attachment Path Parameter

CVE-2023-30451 MEDIUM

TYPO3 11.5.24 - Authenticated Path Traversal via Filelist BaseURI Parameter

CVE-2023-6972 CRITICAL

Backup Migration < 1.3.9 - Unauthenticated Path Traversal via HTTP Headers

CVE-2023-51651 MEDIUM

AWS SDK for PHP <3.288.1 - Path Traversal

Previous Page 134 of 369 Next

Details

Vulnerabilities 9,205

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy