Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,220 vulnerabilities with CWE-22

CVE-2022-1560 MEDIUM

Amministrazione Aperta < 3.8 - Authenticated Local File Inclusion via Open Parameter

CVE-2022-24830 MEDIUM

OpenClinica < 3.16 - Path Traversal and Arbitrary File Write

CVE-2022-25591 CRITICAL

BlogEngine.NET 3.3.8.0 - Arbitrary File Deletion via Crafted HTTP Request

CVE-2022-23166 MEDIUM

Sysaid < 22.1.64 and < 22.2.20 - Unauthenticated Local File Inclusion via TinyMCE Embedded Media iFrame

CVE-2022-29298 HIGH

SolarView Compact <6.00 - Path Traversal

CVE-2022-29596 CRITICAL

MicroStrategy Enterprise Manager 2022 - Authentication Bypass via Path Traversal in Login Substring

CVE-2022-30062 MEDIUM

ftcms <= 2.1 - Arbitrary File Read via tp.php

CVE-2022-30061 MEDIUM

ftcms <= 2.1 - Path Traversal via tp Parameter

CVE-2022-30059 MEDIUM

shopwind <= 3.4.2 - Arbitrary File Delete via neirong Parameter

CVE-2022-30058 MEDIUM

shopwind <= 3.4.2 - Arbitrary File Download via neirong Parameter

CVE-2022-1476 MEDIUM

All-in-One WP Migration < 7.58 - Authenticated Arbitrary File Deletion via Directory Traversal

CVE-2022-30333 HIGH KEV

UnRAR Path Traversal (CVE-2022-30333)

CVE-2022-26889 HIGH

Splunk Enterprise <8.1.2 - Path Traversal

CVE-2022-24878 HIGH

flux2 < 0.29.0 - Denial of Service via Malicious kustomization.yaml

CVE-2022-24877 CRITICAL

fluxcd flux2 and kustomize-controller < 0.29.0 and < 0.24.0 - Path Traversal via Malicious kustomization.yaml

CVE-2022-29474 MEDIUM

F5 BIG-IP Directory Traversal in iControl SOAP (Auth Required)

CVE-2022-26835 MEDIUM

F5 BIG-IP Path Traversal in iControl REST and TMOS Shell

CVE-2022-20101 MEDIUM

Android - Local Information Disclosure via Path Traversal in aee Daemon

CVE-2022-28784 MEDIUM

Galaxy Themes <SMR May-2022 Release 1 - Path Traversal

CVE-2022-1554 HIGH

scout < 4.52 - Path Traversal via send_file Call

CVE-2022-24897 HIGH

XWiki 2.3-12.6.6 - Authenticated Path Traversal via Velocity Script File API

CVE-2022-29970 HIGH

sinatra < 2.2.0 - Path Traversal in Static File Serving

CVE-2022-28451 HIGH

nopCommerce 4.50.1 - Path Traversal

CVE-2022-26068 MEDIUM

pistacheio/pistache <0.0.3.20220425 - Path Traversal

CVE-2022-25842 MEDIUM

alibaba one-java-agent-plugin < 0.0.2 - Arbitrary File Write via Zip Slip Archive Extraction

Previous Page 182 of 369 Next

Details

Vulnerabilities 9,220

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy