Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,205 vulnerabilities with CWE-22

CVE-2023-44171 CRITICAL

SeaCMS V12.9 - Arbitrary File Write via admin_smtp.php

CVE-2023-44170 CRITICAL

SeaCMS V12.9 - Arbitrary File Write via admin_ping.php

CVE-2023-44169 CRITICAL

SeaCMS V12.9 - Arbitrary File Write via admin_notify.php

CVE-2023-43825 HIGH

Shihonkanri Plus <9.0.3 - Path Traversal

CVE-2023-43216 CRITICAL

SeaCMS V12.9 - Arbitrary File Write via admin_ip.php

CVE-2023-42819 HIGH

JumpServer 3.0.0-3.6.4 - Authenticated Path Traversal and Arbitrary File Write via Playbook File Endpoint

CVE-2023-42657 CRITICAL

WS_FTP Server < 8.7.4 - Path Traversal and Arbitrary File Operations

CVE-2023-42487 HIGH

soundminer < 2.01 - Path Traversal

CVE-2023-42462 HIGH

GLPI 10.0.0-10.0.9 - Path Traversal and Arbitrary File Deletion via Document Upload Process

CVE-2023-41888 MEDIUM

GLPI 10.0.8-10.0.9 - Path Traversal via Login Page URL

CVE-2023-40532 MEDIUM

Welcart e-Commerce <2.8.21 - Info Disclosure

CVE-2023-2315 HIGH

OpenCart 4.0.0.0-4.0.2.2 - Authenticated Path Traversal via Log Component

CVE-2023-43382 HIGH

ItechYou Dreamer CMS <4.1.3 - Code Injection

CVE-2023-43256 MEDIUM

Gladys Assistant <4.26.1 - Path Traversal

CVE-2023-41302 HIGH

Redirection Permission Verification - Info Disclosure

CVE-2023-39407 CRITICAL

HarmonyOS - Unauthenticated Path Traversal in Watchkit

CVE-2023-5142 LOW

H3C GR and ER Series Firmware < 20230908 - Path Traversal via /userLogin.asp Config File Handler

CVE-2023-38346 HIGH

Wind River VxWorks 6.9-7 - Path Traversal

CVE-2023-42280 HIGH

mee-admin 1.5 - Path Traversal via CommonFileController Download Method

CVE-2023-42456 LOW

sudo-rs < 0.2.1 - Path Traversal via Username with Special Characters

CVE-2023-4760 HIGH

Eclipse RAP 3.0.0-3.25.0 - Remote Code Execution via FileUpload Path Traversal

CVE-2023-4152 HIGH

Frauscher FDS101 < 1.4.24 - Unauthenticated Path Traversal via Crafted URL

CVE-2023-40930 MEDIUM

Skyworth OS v3.0 - Path Traversal via Udisk Mount to /mnt/

CVE-2023-43616 MEDIUM

schollz/croc < 9.6.5 - Path Traversal via ZIP Extraction

CVE-2023-41599 MEDIUM

jfinalcms 5.0.0 - Path Traversal via DownController

Previous Page 142 of 369 Next

Details

Vulnerabilities 9,205

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy