CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
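The two halves of that definition, as an added example that is not part of this page or of any project listed on it: a file-serving join that lets "../", URL-encoded separators and absolute paths resolve outside the restricted directory, beside a hardened join that canonicalises both sides and checks containment, and the same check reused to refuse TarSlip archive members (the pattern behind the mindsdb entry in the list) and symlinks planted inside the root. The root directory, request paths and archive contents are constructed for the demonstration.

```python
import io
import os
import tarfile
import tempfile
from pathlib import Path
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when user-controlled input would resolve outside the allowed root."""


def unsafe_join(root: str, user_path: str) -> str:
    """The CWE-22 pattern: root + input with no containment check.
    os.path.join drops root entirely for an absolute input and keeps every '..'."""
    return os.path.join(root, user_path)


def _ensure_inside(root: Path, candidate: Path, label: str) -> Path:
    """Containment via relative_to(), not a string prefix test,
    so '/srv/data' is not fooled by '/srv/data2/...'."""
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PathTraversalError(f"{label!r} escapes {root}") from None
    return candidate


def safe_join(root: str, user_path: str) -> Path:
    """Resolve user_path beneath root and reject anything that escapes it.
    Path.resolve() collapses '.'/'..' and follows symlinks, so a symlink inside
    root that points outside it is rejected too; leading separators are stripped
    so an absolute input cannot replace root."""
    root_resolved = Path(root).resolve()
    candidate = (root_resolved / user_path.lstrip("/\\")).resolve()
    return _ensure_inside(root_resolved, candidate, user_path)


def compare_joins(root: str, requests: list) -> dict:
    """Map each URL-encoded request path to (unsafe result, safe result).
    Input is decoded exactly once, as a web layer would: '..%2F' is caught,
    while double-encoded '%252e%252e' becomes the harmless literal name '%2e%2e'."""
    out = {}
    for req in requests:
        decoded = unquote(req)
        unsafe = os.path.normpath(unsafe_join(root, decoded))
        try:
            safe = str(safe_join(root, decoded))
        except PathTraversalError:
            safe = "REJECTED"
        out[req] = (unsafe, safe)
    return out


def safe_extract(tar: tarfile.TarFile, dest: str) -> list:
    """TarSlip guard: validate every member name and link target before
    writing anything, so a mixed benign/traversing archive leaves no files."""
    dest_resolved = Path(dest).resolve()
    checked = []
    for member in tar.getmembers():
        target = safe_join(dest, member.name)
        if member.issym() or member.islnk():
            # symlink targets are relative to the link's directory, hard links to the archive root
            base = target.parent if member.issym() else dest_resolved
            _ensure_inside(dest_resolved, (base / member.linkname).resolve(), member.linkname)
        checked.append((member, str(target)))
    if hasattr(tarfile, "data_filter"):  # Python 3.12+: keep the stdlib filter on as a second layer
        tar.extraction_filter = tarfile.data_filter
    for member, _ in checked:
        tar.extract(member, dest)
    return [t for _, t in checked]


def build_tar(names: list) -> bytes:
    """Constructed sample archive: one 5-byte regular file per member name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = 5
            tar.addfile(info, io.BytesIO(b"hello"))
    return buf.getvalue()


def extract_to_tempdir(names: list) -> tuple:
    """Run safe_extract on a constructed archive in a fresh temp dir and report
    (accepted, files left on disk relative to that dir)."""
    tar = tarfile.open(fileobj=io.BytesIO(build_tar(names)))
    with tempfile.TemporaryDirectory() as d:
        try:
            safe_extract(tar, d)
            accepted = True
        except PathTraversalError:
            accepted = False
        on_disk = sorted(str(p.relative_to(d)) for p in Path(d).rglob("*") if p.is_file())
    return accepted, on_disk


def symlink_escape_rejected() -> bool:
    """Plant root/link -> parent dir and confirm safe_join refuses 'link/secret'."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "root"
        root.mkdir()
        (root / "link").symlink_to(tmp)  # points one level above root
        try:
            safe_join(str(root), "link/secret")
        except PathTraversalError:
            return True
        return False


if __name__ == "__main__":
    samples = ["img/logo.png", "../../etc/passwd", "..%2F..%2Fetc/passwd", "/etc/passwd"]
    for req, (bad, good) in compare_joins("/srv/app/public", samples).items():
        print(f"{req:<22} unsafe -> {bad:<30} safe -> {good}")
    print("symlink escape rejected:", symlink_escape_rejected())
    print("TarSlip archive:", extract_to_tempdir(["notes.txt", "../../escaped.txt"]))
```

Two details worth keeping: the check is done on the resolved path, not on the raw string, because "../" removal, prefix matching and decode-after-check are each bypassable on their own; and the archive case validates every member before the first write, since a partial extraction that stops at the malicious entry has already placed attacker-chosen files.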

9,220 vulnerabilities with CWE-22 (25 shown)

CVE ID          Severity  CVSS  Title
CVE-2023-25652  HIGH      7.5   Git < 2.30.9 - Path Traversal via git apply --reject
CVE-2023-29200  MEDIUM    4.3   Contao <4.9.40, <4.13.21, <5.1.4 - Info Disclosure
CVE-2023-23838  MEDIUM    6.5   Directory Traversal/File Enumeration - Path Traversal
CVE-2023-27105  CRITICAL  9.8   Shanling M5S/M2X <4.3/3.3 - Path Traversal
CVE-2023-30626  HIGH      8.8   Jellyfin 10.8.0-10.8.9 - Path Traversal and Arbitrary File Write via ClientLogController
CVE-2023-22914  HIGH      7.2   Zyxel USG FLEX/VPN Series Firmware 4.50-5.35 - Path Traversal & OS Command Execution via Hotspot Upload
CVE-2023-31059  HIGH      7.5   Repetier Server <1.4.10 - Path Traversal
CVE-2023-25508  MEDIUM    6.7   NVIDIA DGX-1 BMC < 3.39.30 - Authenticated Path Traversal and Arbitrary File Upload/Download via IPMI Handler
CVE-2023-30620  HIGH      7.5   mindsdb < 23.2.1.0 - Path Traversal via TarSlip in Tarfile Extraction
CVE-2023-26101  HIGH      7.5   Flowmon Packet Investigator <12.1.0 - Path Traversal
CVE-2023-28459  MEDIUM    6.5   pretalx < 2.3.2 - Path Traversal via HTML Export Feature
CVE-2023-28458  MEDIUM    4.3   Pretalx Limited File Write to Remote Code Execution
CVE-2023-21093  HIGH      7.8   Android - Path Traversal in FileUtils.java
CVE-2023-29887  HIGH      7.5   spreadsheet-reader 0.5.11 - Path Traversal via File Parameter
CVE-2023-30548  MEDIUM    4.3   gatsby-plugin-sharp < 5.8.1 and < 4.25.1 - Path Traversal via Gatsby Develop Server
CVE-2023-29004  MEDIUM    6.5   hap-wi/roxy-wi <6.3.9.0 - Path Traversal
CVE-2023-1109   HIGH      8.8   Phoenix Contact ENERGY AXC PU < 04.15.00.00 - Authenticated Path Traversal via Web Service Upload/Download
CVE-2023-26559  MEDIUM    5.3   Oxygen XML Web Author <25.0.0.3 - Path Traversal
CVE-2023-27648  CRITICAL  9.8   Change Color of Keypad 1.275.1.277 - Path Traversal via Dex File in Internal Storage
CVE-2023-26969  HIGH      7.5   Atropim 1.5.26 - Path Traversal
CVE-2023-27812  CRITICAL  9.1   bloofoxcms 0.5.2 - Arbitrary File Deletion via delete_file() Function
CVE-2023-26293  HIGH      7.3   TIA Portal <V16.7, <V17.6, <V18.1 - Path Traversal
CVE-2023-29186  HIGH      8.7   SAP NetWeaver BI CONT ADDON - Path Traversal
CVE-2023-1478   CRITICAL  9.8   Hummingbird WP <3.4.2 - Path Traversal
CVE-2023-0156   MEDIUM    4.9   AIOS WordPress <5.1.5 - Info Disclosure