Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,220 vulnerabilities with CWE-22

CVE-2022-47027 CRITICAL

Timmystudios Fast Typing Keyboard <1.275.1.162 - Code Injection

CVE-2022-42470 HIGH

FortiClient 6.0.0-6.0.10 - Unauthenticated Path Traversal via Named Pipe

CVE-2022-43771 MEDIUM

Hitachi Vantara Pentaho Business Analytics Server <9.4.0.0-9.3.0.1 ...

CVE-2022-23522 HIGH

mindsdb < 22.11.4.3 - Path Traversal via TarSlip in shutil.unpack_archive

CVE-2022-36982 HIGH

Ivanti Avalanche 6.3.3.101-6.3.3.102 - Unauthenticated Path Traversal in AgentTaskHandler

CVE-2022-36981 CRITICAL

Ivanti Avalanche 6.3.3.101-6.3.4 - Remote Code Execution via Path Traversal in DeviceLogResource

CVE-2022-2560 CRITICAL

EnterpriseDT CompleteFTP 22.1.0 Server - Path Traversal

CVE-2022-48361 MEDIUM

Huawei EMUI - Path Traversal in Always On Display Theme Files

CVE-2022-32199 MEDIUM

ScriptCase < 9.9.008 - Authenticated Arbitrary File Deletion via db_convert.php File Parameter

CVE-2022-3146 MEDIUM

tripleo-ansible - Unauthenticated Sensitive Information Exposure via Insecure File Permissions

CVE-2022-3101 MEDIUM

tripleo-ansible - Information Disclosure via Insecure File Permissions

CVE-2022-47595 MEDIUM

WP Go Maps < 9.0.15 - Path Traversal

CVE-2022-31474 HIGH

iThemes BackupBuddy <8.7.4.1 - Path Traversal

CVE-2022-42476 HIGH

FortiProxy 1.1.0-1.1.5 - Privilege Escalation via CLI Request Path Traversal

CVE-2022-41328 MEDIUM KEV

Fortinet FortiOS <7.2.3-6.4.11 - Path Traversal

CVE-2022-3162 MEDIUM

kubernetes <1.22.15 and 1.25.0-1.25.4 - Unauthorized Custom Resource Access via Path Traversal

CVE-2022-41722 HIGH

filepath.Clean - Path Traversal

CVE-2022-48362 HIGH

ManageEngine Desktop Central < 10.1.2137.2 - Path Traversal & RCE via AgentLogUploadServlet

CVE-2022-41216 HIGH

Cloudflow 2.0.0-2.3.1 - Local File Inclusion via Path Traversal

CVE-2022-44299 MEDIUM

SiteServerCMS 7.1.3 - Info Disclosure

CVE-2022-33892 HIGH

Intel(R) Quartus Prime - Privilege Escalation

CVE-2022-41335 HIGH

Fortinet FortiOS <7.2.2 - Path Traversal

CVE-2022-30300 MEDIUM

FortiWeb 6.3.6-6.3.18, 7.0.0-7.0.1 - Authenticated Path Traversal via HTTP GET Request

CVE-2022-30299 MEDIUM

FortiWeb 6.0.0-6.0.7, 6.1-6.3.19, 6.4, 7.0.0-7.0.1 - Authenticated Path Traversal via API

CVE-2022-38731 MEDIUM

Qaelum DOSE 18.08-21.1 - Directory Traversal via loadimages name parameter

Previous Page 161 of 369 Next

Details

Vulnerabilities 9,220

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy