CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,206 vulnerabilities with CWE-22
CVE-2023-41599
MEDIUM
jfinalcms 5.0.0 - Path Traversal via DownController
CVSS 5.3
CVE-2023-37739
MEDIUM
i-doit < 25 - Path Traversal
CVSS 6.5
CVE-2023-39916
CRITICAL
Routinator 0.9.0-0.12.1 and 0.14.0-0.14.2 - Path Traversal in RRDP Response Storage
CVSS 9.3
CVE-2023-4914
HIGH
cecil < 7.47.1 - Path Traversal
CVSS 7.5
CVE-2023-32558
HIGH
Node.js 20.0.0-20.5.1 - Permission Model Bypass via process.binding() Path Traversal
CVSS 7.5
CVE-2023-35670
HIGH
Android - Path Traversal in FileUtils.java
CVSS 7.8
CVE-2023-38256
MEDIUM
Dover Fueling Solutions MAGLINK LX Web Console Configuration 2.5.1-3.3 - Path Traversal
CVSS 6.8
CVE-2023-41578
HIGH
jeecg_boot < 3.5.3 - Arbitrary File Read via /testConnection Interface
CVSS 7.5
CVE-2023-4782
MEDIUM
Terraform 1.0.8-1.5.6 - Arbitrary File Write during Init Operation
CVSS 6.3
CVE-2023-40924
HIGH
SolarView Compact < 6.00 - Path Traversal
CVSS 7.5
CVE-2023-39584
HIGH
hexo < 7.2.0 - Arbitrary File Read via include_code Tag
CVSS 7.5
CVE-2023-41930
MEDIUM
Jenkins Job Configuration History Plugin < 1227.v7a_79fc4dc01f - Path Traversal via Name Query Parameter
CVSS 4.3
CVE-2023-4480
MEDIUM
phpfusion < 9.10.30 - Path Traversal and Arbitrary File Write via Fusion File Manager
CVSS 5.5
CVE-2023-39448
HIGH
SHIRASAGI < 1.18.0 - Authenticated Path Traversal and Arbitrary File Write
CVSS 8.8
CVE-2023-4748
MEDIUM
Yongyou UFIDA-NC - Path Traversal via PrintTemplateFileServlet.java filePath Argument
CVSS 6.3
CVE-2023-41057
MEDIUM
hyper-bump-it < 0.5.1 - Path Traversal via Unchecked File Glob Pattern
CVSS 5.5
CVE-2023-4616
HIGH
LG LED Assistant - Unauthenticated Path Traversal via /api/thumbnail Endpoint
CVSS 7.5
CVE-2023-4615
HIGH
LG LED Assistant - Unauthenticated Path Traversal via /api/download/updateFile Endpoint
CVSS 7.5
CVE-2023-4614
CRITICAL
LG LED Assistant - Unauthenticated Arbitrary File Write via /api/installation/setThumbnailRc Endpoint
CVSS 9.8
CVE-2023-4613
CRITICAL
LG LED Assistant - Unauthenticated Arbitrary File Write via /api/settings/upload Endpoint
CVSS 9.8
CVE-2023-39912
MEDIUM
ManageEngine ADManager Plus < 7203 - Authenticated Arbitrary File Read via Help Desk Technician Role
CVSS 4.9
CVE-2023-41747
MEDIUM
Acronis Cloud Manager < 6.2.23089.203 - Unauthenticated Path Traversal and Sensitive Information Disclosure
CVSS 6.5
CVE-2023-41044
LOW
Graylog 5.1.0-5.1.2 - Authenticated Path Traversal and Arbitrary File Deletion via Support Bundle API
CVSS 3.3
CVE-2023-31167
MEDIUM
SEL-5036 acSELerator Bay Screen Builder < 1.0.49152.778 - Path Traversal
CVSS 5.0
CVE-2023-41040
MEDIUM
GitPython < 3.1.37 - Path Traversal via Unsanitized Reference File Path
CVSS 4.0
Details
Vulnerabilities: 9,206
Exploit Likelihood: High