Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,206 vulnerabilities with CWE-22

CVE-2023-39528 MEDIUM

PrestaShop < 8.1.1 - Path Traversal via displayAjaxEmailHTML Method

CVE-2023-39525 MEDIUM

PrestaShop < 8.1.1 - Path Traversal via Import File Deletion Query

CVE-2023-36220 HIGH

Textpattern CMS <4.8.8 - Path Traversal

CVE-2023-4172 MEDIUM

Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 - Path Traversal via FileDirectory Parameter

CVE-2023-38702 CRITICAL

Knowage 6.1.0-8.1.8 - Authenticated Arbitrary File Write and Remote Code Execution via Template File Upload

CVE-2023-38695 MEDIUM

cypress-image-snapshot <8.0.2 - Path Traversal

CVE-2023-39143 CRITICAL

PaperCut NG/MF <22.1.3 - Path Traversal

CVE-2023-37896 HIGH

Nuclei < 2.9.9 - Path Traversal via Payload Loading in Sandbox Mode

CVE-2023-38708 MEDIUM

pimcore < 10.6.7 - Path Traversal and Arbitrary File Write via pimcore_log Parameter

CVE-2023-38951 CRITICAL

ZKTeco BioTime <9.0.1 - Path Traversal

CVE-2023-38950 HIGH KEV

ZKTeco BioTime <9.0.120240617.19506 - Path Traversal

CVE-2023-0956 HIGH

TelWin SCADA WebInterface 3.2-6.2 - Unauthenticated Path Traversal

CVE-2023-35081 HIGH KEV

Ivanti EPMM 11.8.0-11.8.1.1, 11.9.0-11.9.1.1, 11.10.0-11.10.0.2 - Authenticated Arbitrary File Write via Path Traversal

CVE-2023-33365 HIGH

Suprema BioStar 2 <2.9.1 - Path Traversal

CVE-2023-3348 MEDIUM

Wrangler <=3.1.0/2.20.1 - Path Traversal

CVE-2023-38956 HIGH

ZKTeco BioAccess IVS <3.3.1 - Path Traversal

CVE-2023-33369 CRITICAL

Control ID IDSecure <4.7.26.0 - Path Traversal

CVE-2023-3329 MEDIUM

SpiderControl SCADA Webserver <2.08 - Path Traversal

CVE-2023-26441 MEDIUM

open-xchange_appsuite_office < 8.11 - Path Traversal in Cacheservice

CVE-2023-3385 MEDIUM

GitLab <16.0.8, <16.1.3, <16.2.2 - Info Disclosure

CVE-2023-31427 HIGH

Brocade Fabric OS <9.1.1c, 9.2.0 - Command Injection

CVE-2023-35016 MEDIUM

IBM Security Verify Governance 10.0 - Path Traversal via URL Request

CVE-2023-37218 HIGH

Tadiran Telecom Aeonix - Path Traversal

CVE-2023-23842 HIGH

SolarWinds Network Configuration Manager - Path Traversal

CVE-2023-37460 HIGH

plexus-archiver < 4.8.0 - Arbitrary File Creation and Remote Code Execution via Symbolic Link Handling

Previous Page 146 of 369 Next

Details

Vulnerabilities 9,206

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy