Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,220 vulnerabilities with CWE-22

CVE-2022-29062 MEDIUM

Fortinet FortiSOAR <7.2.1 - Path Traversal

CVE-2022-39838 HIGH

Systematic FIX Adapter Firmware 2.4.0.25 - Path Traversal via UNC Share Pathname

CVE-2022-34378 MEDIUM

Dell PowerScale OneFS 9.0.0-9.1.0.20, 9.2.1.13, 9.3.0.6, 9.4.0.3 - Denial of Service via Relative Path Traversal

CVE-2022-25371 CRITICAL

Apache OFBiz < 18.12.06 - Remote Code Execution via Birt Plugin

CVE-2022-36593 MEDIUM

kkFileView <4.0.0 - Info Disclosure

CVE-2022-34373 HIGH

Dell Command | Integration Suite for System Center < 6.2.0 - Authenticated Arbitrary File Write

CVE-2022-37122 HIGH

Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Unauthenticated Arbitrary File Disclosure via Logdownload.cgi File Parameter

CVE-2022-36035 HIGH

fluxcd/flux2 0.21.0-0.31.0 - Path Traversal via User-Supplied Input

CVE-2022-34375 HIGH

Dell Container Storage Modules < 1.3.0 - Authenticated Path Traversal in goiscsi and gobrick Libraries

CVE-2022-37681 HIGH

Hitachi HC-IP9100HD Firmware < 1.07 - Path Traversal via /ptippage.cgi GET Request

CVE-2022-2261 HIGH

WPIDE < 3.0 - Local File Inclusion via Filename Parameter

CVE-2022-36687 MEDIUM

Ingredients Stock Management System 1.0 - Arbitrary File Deletion via Master.php delete_img Parameter

CVE-2022-38794 HIGH

zaver < 2020-12-15 - Path Traversal via GET /.. Substring

CVE-2022-36168 LOW

wuzhicms 4.1.0 - Path Traversal via /coreframe/app/attachment/admin/index.php

CVE-2022-2464 HIGH

Rockwell Automation ISaGRAF Workbench 6.0-6.6.9 - Path Traversal via Crafted Malicious Files

CVE-2022-2463 MEDIUM

Rockwell Automation ISaGRAF Workbench 6.0-6.6.9 - Path Traversal via Malicious .7z Exchange File

CVE-2022-32427 HIGH

PrinterLogic Windows Client < 25.0.0.688 - Authenticated Path Traversal

CVE-2022-34836 MEDIUM

ABB Zenon < 8.20 - Path Traversal and Log Flooding

CVE-2022-35235 MEDIUM

XplodedThemes WPide <2.6 - Info Disclosure

CVE-2022-36261 CRITICAL

taocms 3.0.2 - Arbitrary File Deletion via Admin File Deletion Endpoint

CVE-2022-34486 HIGH

PukiWiki 1.4.5-1.5.3 - Authenticated Path Traversal

CVE-2022-30547 CRITICAL

WWBN AVideo 11.6 and dev master commit 3f7c0364 - Path Traversal and Arbitrary Command Execution via unzipDirectory

CVE-2022-2557 HIGH

Team WordPress <4.1.2 - Path Traversal

CVE-2022-2788 LOW

Emerson Electric's Proficy Machine Edition <= 9.80 - Path Traversal via .BLZ File Upload

CVE-2022-37422 HIGH

Payara < 4.1.2.191.36 and < 5.2022.3 - Unauthenticated Path Traversal

Previous Page 173 of 369 Next

Details

Vulnerabilities 9,220

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy