Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,205 vulnerabilities with CWE-22

CVE-2023-51449 MEDIUM

gradio < 4.11.0 - Path Traversal via /file Route

CVE-2023-50731 CRITICAL

MindsDB < 23.11.4.1 - Path Traversal and Arbitrary File Write via File Upload Name Parameter

CVE-2023-50254 CRITICAL

deepin_reader < 6.0.7 - Remote Code Execution via Crafted DOCX File

CVE-2023-46645 MEDIUM

GitHub Enterprise Server <3.7.19-3.11.1 - Path Traversal

CVE-2023-6562 HIGH

Kakadu SDK 4.4-8.4 - Path Traversal via JPX Fragment List Box

CVE-2023-47702 MEDIUM

IBM Security Guardium Key Lifecycle Manager 4.2.0-4.2.0.2 - Path Traversal via URL Request

CVE-2023-38126 HIGH

Softing edgeAggregator - Authenticated Remote Code Execution via Backup Zip File Path Traversal

CVE-2023-6222 HIGH

Quttera Web Malware Scanner WP <3.4.2.1 - Path Traversal

CVE-2023-46177 MEDIUM

IBM MQ Appliance <9.3 - Path Traversal

CVE-2023-5115 MEDIUM

Ansible Automation Platform - Path Traversal via Malicious Role Symlink

CVE-2023-6908 LOW

DFIRKuiper Kuiper 2.3.4 - Path Traversal in TAR Archive Handler

CVE-2023-6900 MEDIUM

rmountjoy92 DashMachine 0.5-4 - Path Traversal via /settings/delete_file Endpoint

CVE-2023-6893 MEDIUM

Hikvision Intercom Broadcast System 3.0.3-4.1.0 - Path Traversal via Export Record Downname Parameter

CVE-2023-6559 HIGH

MW WP Form <= 5.0.3 - Unauthenticated Arbitrary File Deletion via Path Traversal

CVE-2023-50265 HIGH

bazarr < 1.3.1 - Unauthenticated Arbitrary File Read via Swagger UI Static Endpoint

CVE-2023-50264 HIGH

bazarr < 1.3.1 - Unauthenticated Arbitrary File Read via Backup Download Endpoint

CVE-2023-48389 HIGH

Multisuns EasyLog web+ - Unauthenticated Path Traversal via URL Parameter

CVE-2023-48382 MEDIUM

Softnext Mail SQR Expert < 230330 - Unauthenticated Local File Inclusion via Mail Deliver URL

CVE-2023-48381 MEDIUM

Softnext Mail SQR Expert < 230330 - Unauthenticated Local File Inclusion via Special URL

CVE-2023-48378 HIGH

Softnext Mail SQR Expert < 230330 - Unauthenticated Path Traversal via URL Parameter

CVE-2023-48373 HIGH

ITPison OMICARD EDM - Unauthenticated Path Traversal via FileName Parameter

CVE-2023-6831 HIGH

MLflow < 2.9.2 - Path Traversal via Backslash-Dot-Dot-Slash Sequence

CVE-2023-49294 MEDIUM

Asterisk <18.20.1, <20.5.1, <21.0.1 - Info Disclosure

CVE-2023-48660 HIGH

Dell vApp Manger <9.2.4.x - Info Disclosure

CVE-2023-44278 MEDIUM

Dell PowerProtect DD < 7.13.0.10 - Path Traversal and Arbitrary File Write

Previous Page 135 of 369 Next

Details

Vulnerabilities 9,205

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy