Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,220 vulnerabilities with CWE-22

CVE-2023-27603 CRITICAL

Apache Linkis <=1.3.1 - Path Traversal via Zip Slip in EngineConn Material Upload

CVE-2023-1956 MEDIUM

SourceCodester Online Computer & Laptop Store 1.0 - Path Traversal

CVE-2023-29478 CRITICAL

BiblioCraft < 2.4.6 - Path Traversal and Remote Code Execution via Filename Sanitization Bypass

CVE-2023-26820 HIGH

siteproxy v1.0 - Path Traversal via index.js

CVE-2023-20129 MEDIUM

Cisco Prime Infrastructure/EPNM - XSS/CSRF

CVE-2023-25305 HIGH

PolyMC < 5.0 - Path Traversal via Malicious Mrpack File

CVE-2023-25303 HIGH

ATLauncher <= 3.4.26.0 - Path Traversal via Malicious mrpack File

CVE-2023-27534 HIGH

curl < 8.0.0 - Path Traversal via SFTP Tilde Character Handling

CVE-2023-28833 LOW

Nextcloud <24.0.10, <25.0.4 - Info Disclosure

CVE-2023-28732 MEDIUM

AnyMailing Joomla Plugin <8.3.0 - Info Disclosure

CVE-2023-27700 HIGH

MuYuCMS v2.2 - Arbitrary File Deletion via /accessory/picdel.html

CVE-2023-0241 MEDIUM

pgAdmin 4 < 6.19 - Path Traversal and Arbitrary File Write

CVE-2023-0467 MEDIUM

WP Dark Mode < 4.0.8 - Local File Inclusion via Shortcode Style Parameter

CVE-2023-1142 HIGH

InfraSuite Device Master < 1.0.5 - Path Traversal and Privilege Escalation via URL Decoding

CVE-2023-1134 HIGH

InfraSuite Device Master < 1.0.5 - Path Traversal and Credential Disclosure

CVE-2023-26802 CRITICAL

DCN DCBI-Netlog-LAB v1.0 - Command Injection

CVE-2023-27055 HIGH

Aver Information Inc PTZApp2 <20.01044.48 - Info Disclosure

CVE-2023-1177 CRITICAL

MLflow < 2.2.1 - Path Traversal via Backslash Sequence

CVE-2023-26361 MEDIUM

Adobe ColdFusion <2018 Update 15-2021 Update 5 - Path Traversal

CVE-2023-20066 MEDIUM

Cisco IOS XE - Authenticated Path Traversal in Web UI

CVE-2023-25688 MEDIUM

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, 4.1.1 - Path Traversal via URL Request

CVE-2023-27856 HIGH

ThinManager Path Traversal (CVE-2023-27856) Arbitrary File Download

CVE-2023-27855 CRITICAL

ThinManager Path Traversal (CVE-2023-27855) Arbitrary File Upload

CVE-2023-25689 LOW

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, 4.1.1 - Path Traversal via URL Request

CVE-2023-27981 HIGH

Schneider Electric IGSS Data Server & Dashboard < 16.0.0.23040 - RCE via Malicious Report

Previous Page 155 of 369 Next

Details

Vulnerabilities 9,220

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy