Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,205 vulnerabilities with CWE-22

CVE-2023-5355 HIGH

Awesome Support WordPress Plugin < 6.1.5 - Unauthenticated Arbitrary File Deletion via Attachment Path Traversal

CVE-2023-39299 HIGH

QNAP Music Station 4.8.0-4.8.10 - Path Traversal and Sensitive Data Exposure

CVE-2023-3961 CRITICAL

Samba < 4.17.12 - Path Traversal via Client Pipe Name

CVE-2023-41356 MEDIUM

NCSIST ManageEngine MDM - Path Traversal

CVE-2023-41344 HIGH

NCSIST ManageEngine MDM - Path Traversal

CVE-2023-34260 HIGH

Kyocera TASKalfa 4053ci Firmware < 2vg_s000.002.561 - Denial of Service via Path Traversal

CVE-2023-34259 MEDIUM

Kyocera TASKalfa 4053ci Firmware < 2vg_s000.002.561 - Unauthenticated Path Traversal via WLMDEU Endpoint

CVE-2023-20220 HIGH

Cisco Firepower Management Center - RCE

CVE-2023-33227 HIGH

Network Configuration Manager - Path Traversal

CVE-2023-33226 HIGH

Network Configuration Manager - Path Traversal

CVE-2023-2621 MEDIUM

Hitachi Energy Modular Advanced Control for HVDC 5.0-7.16.9.9 - Arbitrary File Write via ZIP Upload

CVE-2023-46237 MEDIUM

fogproject < 1.5.10 - Unauthenticated Path Traversal

CVE-2023-43648 MEDIUM

baserCMS < 4.8.0 - Path Traversal via Form Submission Data Management

CVE-2023-42804 LOW

BigBlueButton < 2.6.0-beta.1 - Unauthenticated Path Traversal via File Extension Validation Bypass

CVE-2023-46864 MEDIUM

Peppermint Ticket Management <0.2.4 - Info Disclosure

CVE-2023-46863 HIGH

Peppermint Ticket Management <0.2.4 - Info Disclosure

CVE-2023-27170 HIGH

Xpand IT Write-back manager <2.3.1 - Path Traversal

CVE-2023-45868 HIGH

ILIAS 7.25 - Authenticated Directory Traversal via Exercise Unit Creation

CVE-2023-45867 MEDIUM

ILIAS 2013-09-12 - Authenticated Path Traversal in ScormAicc Module via File Parameter

CVE-2023-30967 CRITICAL

Gotham Orbital-Simulator <0.692.0 - Path Traversal

CVE-2023-46346 HIGH

MyPrestaModules for PrestaShop <4.1.1 - Path Traversal

CVE-2023-46119 HIGH

Parse Server <5.5.6,6.3.1 - Info Disclosure

CVE-2023-42488 HIGH

EisBaer Scada < 3.0.6433.1964 - Path Traversal

CVE-2023-37913 CRITICAL

XWiki 3.5-14.10.8 - Path Traversal and Arbitrary File Write via Office Converter

CVE-2023-26578 HIGH

IDAttend's IDWeb <3.1.013 - Command Injection

Previous Page 139 of 369 Next

Details

Vulnerabilities 9,205

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy