CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,222 vulnerabilities with CWE-22
CVE-2021-26629 (HIGH, CVSS 8.8): XPLATFORM < 9.2.2.284 - Path Traversal and Arbitrary File Write via Archive Decompression
CVE-2021-35250 (HIGH, CVSS 7.5): SolarWinds Serv-U 15.3 - Path Traversal
CVE-2021-40680 (HIGH, CVSS 8.1): Artica Proxy <4.30.000000 - Path Traversal
CVE-2021-43988 (MEDIUM, CVSS 6.1): FANUC ROBOGUIDE <= 9.40083.00.05 - Path Traversal
CVE-2021-44519 (HIGH, CVSS 8.8): Citrix XenMobile Server through 10.12 RP9 - Authenticated Path Traversal and Remote Code Execution
CVE-2021-43290 (CRITICAL, CVSS 9.8): ThoughtWorks GoCD <21.3.0 - Code Injection
CVE-2021-43289 (HIGH, CVSS 7.5): ThoughtWorks GoCD <21.3.0 - Code Injection
CVE-2021-22797 (HIGH, CVSS 7.8): EcoStruxure Control Expert <15.1 & Process Expert <2021 - RCE via Malicious Project File
CVE-2021-22794 (CRITICAL, CVSS 9.1): StruxureWare Data Center Expert < V7.8.1 - Path Traversal
CVE-2021-43741 (CRITICAL, CVSS 9.8): CMSimple 5.4 - Path Traversal and Remote Code Execution via config.php File Name Manipulation
CVE-2021-37293 (MEDIUM, CVSS 6.5): KevinLAB 4ST_L-BEMS 1.0.0 - Path Traversal via Page GET Parameter
CVE-2021-36288 (HIGH, CVSS 8.6): Dell VNX2 for File <8.1.21.266 - Path Traversal
CVE-2021-46417 (HIGH, CVSS 7.5): Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Path Traversal
CVE-2021-41026 (MEDIUM, CVSS 6.5): FortiWeb <6.4.1-6.3.15 - Path Traversal
CVE-2021-30497 (HIGH, CVSS 7.5): Ivanti Avalanche (Premise) 6.3.2 - Path Traversal
CVE-2021-32981 (HIGH, CVSS 7.2): AVEVA System Platform <2020 R2 P01 - Path Traversal
CVE-2021-44138 (HIGH, CVSS 7.5): Caucho Resin 4.0.52-4.0.56 - Path Traversal via Semicolon in HTTP Request Path
CVE-2021-32949 (HIGH, CVSS 7.5): MDT AutoSave <6.02.06 - Path Traversal
CVE-2021-43099 (MEDIUM, CVSS 4.9): diyhi bbs 5.3 - Path Traversal via UpgradeNow Function Archive Extraction
CVE-2021-24962 (HIGH, CVSS 8.8): WordPress File Upload Free & Pro <4.16.3 - Path Traversal
CVE-2021-44124 (HIGH, CVSS 7.5): Hiby R3 Pro Firmware 1.5-1.6 - Path Traversal via HTTP Server
CVE-2021-26601 (HIGH, CVSS 8.1): ImpressCMS < 1.4.3 - Path Traversal via image_temp Directory
CVE-2021-27473 (MEDIUM, CVSS 6.1): Rockwell Automation Connected Components Workbench < 12.00.00 - Path Traversal via .ccwarc Extraction
CVE-2021-27471 (HIGH, CVSS 7.7): Rockwell Automation Connected Components Workbench < 12.00.00 - Path Traversal via Malicious File Processing
CVE-2021-45967 (CRITICAL, CVSS 9.8): Pascom Cloud Phone System <7.20.x - Path Traversal
Details
Vulnerabilities: 9,222
Exploit Likelihood: High