CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,206 vulnerabilities with CWE-22
CVE-2023-39139 [HIGH, CVSS 7.8] archive < 3.3.8 - Path Traversal via Crafted Zip File Extraction
CVE-2023-39138 [HIGH, CVSS 7.8] ZIPFoundation <0.9.16 - Path Traversal
CVE-2023-39135 [HIGH, CVSS 7.8] Zip Swift 2.1.2 - Path Traversal via Crafted Zip Entry
CVE-2023-40597 [HIGH, CVSS 7.8] Splunk Enterprise <8.2.12, 9.0.6, 9.1.1 - Path Traversal
CVE-2023-41266 [HIGH, KEV, CVSS 8.2] Qlik Sense Enterprise for Windows <= May 2023 Patch 3 - Unauthenticated Path Traversal
CVE-2023-39559 [MEDIUM, CVSS 5.3] audimexee 15.0 - Full Path Disclosure
CVE-2023-20890 [HIGH, CVSS 7.2] VMware Aria Operations for Networks 6.2.0-6.10.0 - Authenticated Arbitrary File Write and Remote Code Execution
CVE-2023-40828 [HIGH, CVSS 7.5] pf4j <3.9.0 - Remote Code Execution
CVE-2023-40827 [HIGH, CVSS 7.5] pf4j <3.9.0 - Remote Code Execution
CVE-2023-40826 [HIGH, CVSS 7.5] pf4j <3.9.0 - Remote Code Execution
CVE-2023-39810 [HIGH, CVSS 7.8] Busybox - Path Traversal via CPIO Command
CVE-2023-40587 [MEDIUM, CVSS 4.3] Pyramid 2.0.0-2.0.1 - Path Traversal via Static View Index File Disclosure
CVE-2023-3406 [HIGH, CVSS 7.7] M-Files Classic Web < 23.6.12695.3 and < 23.2 LTS SR3 - Authenticated Path Traversal
CVE-2023-32756 [HIGH, CVSS 7.5] e-Excellence U-Office Force - Unauthenticated Path Traversal via File Upload/Download Functions
CVE-2023-39699 [CRITICAL, CVSS 9.8] IceWarp Mail Server 10.4.5 - Local File Inclusion via Calendar Minimizer
CVE-2023-39026 [HIGH, CVSS 7.5] FileMage Gateway <1.10.8 - Path Traversal
CVE-2023-39141 [HIGH, CVSS 7.5] ziahamza/webui-aria2 - Path Traversal via Node Server File Handling
CVE-2023-37428 [HIGH, CVSS 7.2] EdgeConnect SD-WAN Orchestrator 9.0.0-9.0.4 - Authenticated Remote Code Execution
CVE-2023-25914 [HIGH, CVSS 8.8] Danfoss AK-SM 800A Firmware < 3.3 - Authenticated Path Traversal via XML Interface
CVE-2023-2971 [MEDIUM, CVSS 6.3] Typora < 1.6.7 - Path Traversal and Local File Access via typora://app/typemark/
CVE-2023-2316 [HIGH, CVSS 7.4] Typora < 1.6.7 - Path Traversal and Local File Exfiltration via typora://app/ Handler
CVE-2023-2110 [HIGH, CVSS 8.2] Obsidian desktop <1.2.8 - Info Disclosure
CVE-2023-26469 [CRITICAL, CVSS 9.8] Jorani 1.0.0 - Path Traversal and Remote Code Execution
CVE-2023-2917 [CRITICAL, CVSS 9.8] ThinManager Path Traversal (CVE-2023-2917) Arbitrary File Upload
CVE-2023-2915 [HIGH, CVSS 7.5] ThinManager Path Traversal (CVE-2023-2915) Arbitrary File Delete