Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,225 vulnerabilities with CWE-22

CVE-2021-22022 MEDIUM

VMware vRealize Operations Manager 8.0.0-8.4.x - Arbitrary File Read via API

CVE-2021-40153 HIGH

squashfs-tools 4.5 - Path Traversal and Arbitrary File Write via unsquash-1.c Directory Entry

CVE-2021-38612 HIGH

NASCENT RemKon Device Manager <4.0.0.0 - Path Traversal

CVE-2021-23430 HIGH

startserver - Path Traversal via Unsanitized Input

CVE-2021-24549 MEDIUM

AceIDE < 2.6.2 - Authenticated Path Traversal via Unsanitized User Input

CVE-2021-22933 MEDIUM

Pulse Connect Secure <9.1R12 - Privilege Escalation

CVE-2021-38758 HIGH

Online Catering Reservation System 1.0 - Path Traversal

CVE-2021-24363 MEDIUM

Photo Gallery by 10Web < 1.5.75 - Path Traversal via Uploaded File Placement

CVE-2021-23423 MEDIUM

bikeshed < 3.0.0 - Path Traversal via Untrusted Source File Processing

CVE-2021-26086 MEDIUM KEV

Atlassian Jira Server/Data Center Path Traversal via /WEB-INF/web.xml

CVE-2021-27402 MEDIUM

Mitel MiCollab <9.2 FP2 - Path Traversal

CVE-2021-37347 HIGH

Nagios XI < 5.8.5 - Local Privilege Escalation via getprofile.sh Directory Argument

CVE-2021-37343 HIGH

Nagios XI Autodiscovery Webshell Upload

CVE-2021-31731 MEDIUM

KiteCMS 1.1.1 - Authenticated Path Traversal and Arbitrary File Write via Template File Edit

CVE-2021-37367 HIGH

CTparental < 4.45.07 - Remote Code Execution via Directory Traversal in bl_categories_help.php

CVE-2021-22674 MEDIUM

WebAccess/SCADA <8.4.5-9.0.1 - Path Traversal

CVE-2021-21501 HIGH

ServiceComb 1.0.0-1.x.x - Path Traversal

CVE-2021-38197 CRITICAL

Go bindings for unarr 0.1.1 - Path Traversal

CVE-2021-38136 MEDIUM

Corero SecureWatch Managed Services 9.7.2.0020 - Path Traversal

CVE-2021-34638 MEDIUM

WordPress Download Manager <= 3.1.24 - Authenticated Directory Traversal and Cross-Site Scripting via Download Template

CVE-2021-36168 MEDIUM

Fortinet FortiPortal <6.0.5-6.2.5 - Path Traversal

CVE-2021-24010 HIGH

FortiSandbox 3.1.0-3.1.4 and 3.2.0-3.2.2 - Authenticated Path Traversal via Crafted Web Requests

CVE-2021-35397 HIGH

drogon 1.0.0-beta14-1.6.0 - Unauthenticated Path Traversal in Static Router

CVE-2021-32804 HIGH

node-tar <6.1.1,5.0.6,4.4.14,3.3.2 - File Creation/Overwrite

CVE-2021-32803 HIGH

node-tar <6.1.2-3.2.3 - File Creation/Overwrite

Previous Page 203 of 369 Next

Details

Vulnerabilities 9,225

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy