Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,205 vulnerabilities with CWE-22

CVE-2023-47279 HIGH

Delta Electronics InfraSuite Device Master 1.0.7 - Unauthenticated Path Traversal

CVE-2023-49735 HIGH

Apache Tiles >= 2.0 - Path Traversal and Server-Side Request Forgery via DefaultLocaleResolver.LOCALE_KEY

CVE-2023-46690 HIGH

Delta Electronics InfraSuite Device Master <1.0.7 - Code Injection

CVE-2023-6352 MEDIUM

Aquaforest TIFF Server - Info Disclosure

CVE-2023-6026 CRITICAL

elijaa/phpmemcachedadmin <1.3.0 - Path Traversal

CVE-2023-47464 HIGH

GL.iNet AX1800 4.0.0-4.4.9 - Unauthenticated Arbitrary File Write via Upload API

CVE-2023-46886 CRITICAL

Dreamer CMS <4.0.1 - Path Traversal

CVE-2023-48848 HIGH

ureport 2.2.9 - Path Traversal and Arbitrary File Read

CVE-2023-3533 CRITICAL

Chamilo LMS <= 1.11.20 - Path Traversal

CVE-2023-5885 MEDIUM

Franklin Fueling Colibri Firmware - Unauthenticated Path Traversal

CVE-2023-42000 CRITICAL

Arcserve UDP < 9.2 - Unauthenticated Path Traversal and Arbitrary File Write via FileHandlingServlet

CVE-2023-5607 HIGH

Trellix Application and Change Control < 8.4.0 - Authenticated Path Traversal via GTI Reputation File Import

CVE-2023-6307 MEDIUM

jeecgboot JimuReport <1.6.1 - Path Traversal

CVE-2023-6118 HIGH

Neutron IP Camera <b1130.1.0.1 - Path Traversal

CVE-2023-4593 MEDIUM

Seattlelab SLMail - Path Traversal via dodoc Parameter

CVE-2023-6265 MEDIUM

Draytek Vigor2960 <1.5.1.4-1.5.1.5 - Path Traversal

CVE-2023-47467 MEDIUM

jeecg-boot 3.6.0 - Authenticated Path Traversal

CVE-2023-47251 MEDIUM

mprivacy-tools < 2.0.406g - Authenticated Path Traversal via VNC Print Function

CVE-2023-47313 MEDIUM

Headwind MDM Web panel 5.22.1 - Path Traversal via File Upload API

CVE-2023-6160 LOW

LifterLMS < 7.4.2 - Authenticated Path Traversal via maybe_serve_export Function

CVE-2023-6252 HIGH

Chameleon Power - Path Traversal via getImage Parameter

CVE-2023-48299 MEDIUM

TorchServe 0.1.0-0.8.2 - Path Traversal via Archive Extraction

CVE-2023-6209 MEDIUM

Firefox < 120, Firefox ESR < 115.5.0, Thunderbird < 115.5 - Path Traversal via Relative URL Parsing

CVE-2023-21418 HIGH

AXIS OS < 6.50.5.15, < 11.7.57, < 8.40.35, < 9.80.49, < 10.12.213 - Path Traversal & File Deletion via VAPIX API

CVE-2023-21417 HIGH

AXIS OS Path Traversal via VAPIX API manageoverlayimage.cgi

Previous Page 137 of 369 Next

Details

Vulnerabilities 9,205

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy