Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,222 vulnerabilities with CWE-22

CVE-2021-43734 HIGH

kkFileview 4.0.0 - Path Traversal and Arbitrary File Read

CVE-2021-44111 MEDIUM

S-Cart < 6.7.2 - Path Traversal via sc-admin/backup Download

CVE-2021-22804 HIGH

IGSS dc.exe <15.0.0.21243 - Info Disclosure

CVE-2021-22748 HIGH

C-Bus Toolkit <1.15.9, C-Gate Server <2.11.7 - Path Traversal

CVE-2021-45286 MEDIUM

ZZCMS 2021 - Path Traversal via Skin Parameter

CVE-2021-29398 MEDIUM

NorthStar Club Management 6.3 - Unauthenticated Directory Traversal via fileManagerObjects.jsp

CVE-2021-29395 HIGH

Northstar Club Management 6.3 - Unauthenticated Path Traversal via File Manager Download Endpoint

CVE-2021-44977 HIGH

idreamsoft iCMS <=8.0.0 - Path Traversal and Arbitrary File Read

CVE-2021-42753 HIGH

FortiWeb 5.8.0-6.3.15 - Authenticated Path Traversal and Arbitrary File Deletion

CVE-2021-24761 MEDIUM

Error Log Viewer <1.1.2 - Path Traversal

CVE-2021-23520 MEDIUM

juce < 6.1.5 - Arbitrary File Write via ZipFile::uncompressEntry

CVE-2021-34805 HIGH

FAUST iServer < 9.0.019.019.7 - Path Traversal via URL-Encoded Directory Traversal

CVE-2021-23484 CRITICAL

zip-local < 0.3.5 - Arbitrary File Write via Archive Extraction

CVE-2021-32841 MEDIUM

SharpZipLib <1.3.3 - Path Traversal

CVE-2021-32842 MEDIUM

SharpZipLib <1.3.3 - Path Traversal

CVE-2021-32840 HIGH

SharpZipLib <1.3.3 - Path Traversal

CVE-2021-23631 HIGH

convert-svg-core - Path Traversal via Crafted SVG File

CVE-2021-44737 HIGH

Lexmark B2236 Firmware < mslsg.076.294 - Path Traversal via PJL

CVE-2021-46203 MEDIUM

Taocms 3.0.2 - Arbitrary File Read via Path Parameter

CVE-2021-46104 HIGH

webp_server_go <0.4.0 - Path Traversal

CVE-2021-23514 MEDIUM

Crow < 0.3+4 - Path Traversal

CVE-2021-28377 MEDIUM

Joomla! ChronoForums 2.0.11 - Local File Inclusion

CVE-2021-28376 LOW

ChronoForms 7.0.7 - Path Traversal

CVE-2021-37196 MEDIUM

Siemens COMOS Web < 10.2, 10.3 < 10.3.3.3, 10.4 < 10.4.1 - Path Traversal via Archive Extraction

CVE-2021-44586 HIGH

dst-admin 1.3.0 - Unauthenticated Path Traversal and Arbitrary File Read

Previous Page 193 of 369 Next

Details

Vulnerabilities 9,222

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy