Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,225 vulnerabilities with CWE-22

CVE-2021-21569 MEDIUM

Dell NetWorker 18.1.0.1-19.4.0.3 - Path Traversal

CVE-2021-20034 CRITICAL

SonicWall SMA 200/210/400/410/500v < 9.0.0.10-28sv - Unauthenticated Arbitrary File Deletion via Path Traversal Bypass

CVE-2021-40103 HIGH

Concrete CMS < 8.5.5 - Path Traversal and Arbitrary File Read

CVE-2021-40098 CRITICAL

Concrete CMS < 8.5.5 - Path Traversal and Remote Code Execution via External Form Regular Expression

CVE-2021-40097 HIGH

Concrete CMS < 8.5.5 - Authenticated Path Traversal and Remote Code Execution via bFilename Parameter

CVE-2021-40349 MEDIUM

e7d Speed Test <0.5.3 - Path Traversal

CVE-2021-22868 MEDIUM

GitHub Enterprise Server < 2.22.22 - Authenticated Path Traversal via GitHub Pages Configuration

CVE-2021-41381 HIGH

Payara Micro Community < 5.2021.6 - Path Traversal

CVE-2021-22013 HIGH

VMware Cloud Foundation 3.0-5.0 & vCenter Server - Path Traversal & Info Disclosure via API

CVE-2021-22005 CRITICAL KEV

VMware Cloud Foundation 3.0-4.0 and vCenter Server - Arbitrary File Upload via Analytics Service

CVE-2021-41087 MEDIUM

in-toto-golang - Privilege Escalation

CVE-2021-24639 HIGH

OMGF WordPress Plugin < 4.5.4 - Authenticated Path Traversal and Arbitrary File Deletion via omgf_ajax_empty_dir

CVE-2021-24638 CRITICAL

OMGF < 4.5.4 - Unauthenticated Path Traversal and Arbitrary File Write via REST API Handle Parameter

CVE-2021-3806 MEDIUM

Pardus Software Center - Path Traversal

CVE-2021-39208 MEDIUM

SharpCompress < 0.29.0 - Path Traversal via Destination Directory Slash Omission

CVE-2021-27341 CRITICAL

OpenSIS CE <7.6 - Local File Inclusion

CVE-2021-33692 HIGH

SAP Cloud Connector <2.0 - Path Traversal

CVE-2021-40964 MEDIUM

TinyFileManager <=2.4.6 - Path Traversal

CVE-2021-40444 HIGH KEV

Microsoft Office Word Malicious MSHTML RCE

CVE-2021-23043 MEDIUM

BIG-IP 11.6.0-11.6.4 - Path Traversal in Configuration Utility

CVE-2021-38163 CRITICAL KEV

SAP NetWeaver (Visual Composer 7.0 RT) - Command Injection

CVE-2021-37532 MEDIUM

SAP Business One 10 - Authenticated Path Traversal

CVE-2021-33685 MEDIUM

SAP Business One <10.0 - Path Traversal

CVE-2021-40357 MEDIUM

Teamcenter Active Workspace < 4.3.10 - Path Traversal

CVE-2021-37200 HIGH

SINEC NMS < 1.0 SP1 - Path Traversal via Crafted HTTP Request

Previous Page 201 of 369 Next

Details

Vulnerabilities 9,225

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy