Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,220 vulnerabilities with CWE-22

CVE-2022-29967 HIGH

Glewlwyd < 2.6.2 - Path Traversal in static_compressed_inmemory_website_callback.c

CVE-2022-24900 CRITICAL

Piano LED Visualizer < 1.3 - Path Traversal via os.path.join

CVE-2022-29081 CRITICAL

Zoho ManageEngine <4302, <12007, <5401 - Auth Bypass

CVE-2022-28527 HIGH

dhcms v20170919 - Arbitrary Folder Deletion via Admin Backup Endpoint

CVE-2022-28523 HIGH

HongCMS 3.0.0 - Unauthenticated Arbitrary File Deletion via Admin Template AJAX Endpoint

CVE-2022-28059 HIGH

verydows 2.0 - Arbitrary File Deletion via database_controller.php

CVE-2022-28058 HIGH

verydows 2.0 - Arbitrary File Deletion via file_controller.php

CVE-2022-29806 CRITICAL

ZoneMinder < 1.36.13 - Remote Code Execution via Invalid Language Setting

CVE-2022-23457 HIGH

OWASP Enterprise Security API < 2.3.0.0 - Path Traversal via Validator.getValidDirectoryPath

CVE-2022-1392 HIGH

Videos sync PDF WordPress plugin < 1.7.4 - Local File Inclusion via Unvalidated p Parameter

CVE-2022-1391 CRITICAL

Cab fare calculator WordPress plugin < 1.0.4 - Local File Inclusion via Controller Parameter

CVE-2022-1390 CRITICAL

Admin Word Count Column < 2.2 - Unauthenticated Path Traversal and Remote Code Execution via Null Byte Technique

CVE-2022-24424 HIGH

Dell EMC AppSync <4.3 - Path Traversal

CVE-2022-28444 HIGH

UCMS v1.6 - Path Traversal and Arbitrary File Read

CVE-2022-20790 MEDIUM

Cisco Unified Communications Manager - Info Disclosure

CVE-2022-27925 HIGH KEV

Zip Path Traversal in Zimbra (mboximport) (CVE-2022-27925)

CVE-2022-1119 HIGH

Simple File List <= 3.2.7 - Unauthenticated Arbitrary File Download via eeFile Parameter

CVE-2022-29464 CRITICAL KEV

WSO2 Arbitrary File Upload to RCE

CVE-2022-29281 HIGH

Notable <1.9.0-beta.8 - Code Injection

CVE-2022-24851 HIGH

LDAP Account Manager < 7.9.1 - Authenticated Stored Cross-Site Scripting and Path Traversal via Profile Editor

CVE-2022-27043 HIGH

Yearning 2.3.1-2.3.2 Interstellar GA and 2.3.4-2.3.6 Neptune - Path Traversal

CVE-2022-20727 MEDIUM

Cisco IOx Application Hosting - Path Traversal

CVE-2022-20726 MEDIUM

Cisco IOx Application Hosting - Improper Error Handling

CVE-2022-20725 MEDIUM

Cisco IOx Application Hosting - Path Traversal and Cross-Site Scripting

CVE-2022-20724 MEDIUM

Cisco CGR1000 Compute Module - Path Traversal

Previous Page 183 of 369 Next

Details

Vulnerabilities 9,220

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy