CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,220 vulnerabilities with CWE-22
CVE-2022-35920 HIGH
sanic <20.12.7 and 22.0.0-22.6.1 - Path Traversal via Encoded %2F URLs
CVSS 8.3
CVE-2022-35919 HIGH
MinIO < 2022-07-29T19-40-48Z - Path Traversal via ServerUpdate API
CVSS 7.4
CVE-2022-35918 MEDIUM
Streamlit 0.63.0-1.11.0 - Path Traversal via Malicious URL
CVSS 6.5
CVE-2022-31195 HIGH
DSpace 4.0-5.10 - Authenticated Path Traversal via ItemImportServiceImpl
CVSS 7.2
CVE-2022-31194 HIGH
DSpace dspace-jspui - Path Traversal
CVSS 8.2
CVE-2022-2184 HIGH
CAPTCHA 4WP < 7.1.0 - Remote Code Execution via Admin Template Require Once
CVSS 8.8
CVE-2022-27611 MEDIUM
Synology Audio Station < 6.5.4-3367 - Authenticated Path Traversal and Arbitrary File Deletion via WebAPI Component
CVSS 5.4
CVE-2022-22685 HIGH
Synology WebDAV Server < 2.4.0-0062 - Authenticated Path Traversal and Arbitrary File Deletion via WebAPI Component
CVSS 8.7
CVE-2022-27615 HIGH
Synology DNS Server < 2.2.2-5027 - Authenticated Path Traversal and Arbitrary File Deletion via CGI Component
CVSS 7.7
CVE-2022-36890 MEDIUM
Jenkins Deployer Framework Plugin < 85.v1d1888e8c021 - Path Traversal via Form Validation
CVSS 4.3
CVE-2022-36889 HIGH
Jenkins Deployer Framework Plugin < 85.v1d1888e8c021 - Arbitrary File Upload via Application Path Configuration
CVSS 8.8
CVE-2022-34551 MEDIUM
sims v1.0 - Path Traversal via Attachment Download
CVSS 6.5
CVE-2022-27610 MEDIUM
Synology DiskStation Manager 6.2-6.2.3-25423 - Authenticated Path Traversal and Arbitrary File Deletion via WebAPI
CVSS 6.5
CVE-2022-1648 MEDIUM
Pandora FMS < 7.0_ng_760 - Authenticated Path Traversal and Remote Code Execution via File Manager
CVSS 5.7
CVE-2022-24992 HIGH
qr_code_generator < 5.2.7 - Path Traversal via process.php
CVSS 7.5
CVE-2022-35650 HIGH
Moodle 3.9.0-3.9.14 - Authenticated Path Traversal via Lesson Question Import
CVSS 7.5
CVE-2022-1128 MEDIUM
Google Chrome < 100.0.4896.60 - Cross-Origin Data Leak via Web Share API
CVSS 6.5
CVE-2022-2139 MEDIUM
Advantech iView < 5.7.04.6469 - Path Traversal and Arbitrary Code Execution
CVSS 6.5
CVE-2022-31163 HIGH
TZInfo <0.36.1, <1.2.10 (with tzinfo-data) - Path Traversal
CVSS 7.5
CVE-2022-31475 MEDIUM
GiveWP <= 2.20.2 - Authenticated Arbitrary File Read via Export Function
CVSS 5.5
CVE-2022-0902 HIGH
ABB RMC-100, RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, UDC Firmware - Path Traversal and Command Injection
CVSS 8.1
CVE-2022-29834 HIGH
Mitsubishi Electric GENESIS64 and ICONICS Suite 10.97-10.97.1 - Path Traversal via Monitoring Screen
CVSS 7.5
CVE-2022-1264 MEDIUM
Ignition 8.0.4-8.1.9 - Authenticated Remote Code Execution via Web Configuration
CVSS 6.8
CVE-2022-24659 HIGH
Goldshell ASIC Miners <2.2.1 - Path Traversal
CVSS 7.5
CVE-2022-30302 MEDIUM
FortiDeceptor <=4.0.1 Authenticated Path Traversal & Arbitrary File Deletion
CVSS 6.5
Details
Vulnerabilities 9,220
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits