Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,230 vulnerabilities with CWE-22

CVE-2021-36168 MEDIUM

Fortinet FortiPortal <6.0.5-6.2.5 - Path Traversal

CVE-2021-24010 HIGH

FortiSandbox 3.1.0-3.1.4 and 3.2.0-3.2.2 - Authenticated Path Traversal via Crafted Web Requests

CVE-2021-35397 HIGH

drogon 1.0.0-beta14-1.6.0 - Unauthenticated Path Traversal in Static Router

CVE-2021-32804 HIGH

node-tar <6.1.1,5.0.6,4.4.14,3.3.2 - File Creation/Overwrite

CVE-2021-32803 HIGH

node-tar <6.1.2-3.2.3 - File Creation/Overwrite

CVE-2021-32018 HIGH

JUMP AMS 3.6.0.04.009-2487 - Unauthenticated Arbitrary File Read via SOAP API

CVE-2021-32016 CRITICAL

JUMP AMS 3.6.0.04.009-2487 - Path Traversal and Arbitrary File Write via SOAP Endpoint

CVE-2021-32814 HIGH

skytable < 0.5.1 - Path Traversal and Arbitrary File Manipulation

CVE-2021-36157 MEDIUM

Grafana Cortex <1.9.0 - Path Traversal

CVE-2021-36156 MEDIUM

Grafana Loki <2.2.1 - Path Traversal

CVE-2021-30483 MEDIUM

isomorphic-git <1.8.2 - Path Traversal

CVE-2021-28966 HIGH

Ruby < 2.7.3 - Path Traversal via TmpDir Parameter

CVE-2021-23415 HIGH

elFinder.AspNet < 1.1.1 - Path Traversal via Unsanitized File Name

CVE-2021-37447 HIGH

NCH Quorum < 2.03 - Authenticated Path Traversal via Document Delete Endpoint

CVE-2021-37446 MEDIUM

NCH Quorum < 2.03 - Authenticated Path Traversal via documentprop Parameter

CVE-2021-37445 MEDIUM

NCH Quorum < 2.03 - Authenticated Path Traversal via logprop Parameter

CVE-2021-37444 HIGH

NCH IVM Attendant < 5.12 - Path Traversal and Remote Code Execution via Plugin ZIP Upload

CVE-2021-37443 HIGH

NCH IVM Attendant < 5.12 - Path Traversal via logdeleteselected check0 Parameter

CVE-2021-37442 MEDIUM

NCH IVM Attendant < 5.12 - Path Traversal via viewfile Parameter

CVE-2021-37441 HIGH

NCH Axon PBX < 2.22 - Path Traversal and Arbitrary File Deletion via logdelete Parameter

CVE-2021-37440 MEDIUM

NCH Axon PBX < 2.22 - Path Traversal via logprop File Parameter

CVE-2021-37439 MEDIUM

NCH FlexiServer < 6.00 - Path Traversal via syslog file Parameter

CVE-2021-37469 MEDIUM

NCH WebDictate < 2.13 - Authenticated Path Traversal via logprop Parameter

CVE-2021-1617 MEDIUM

Cisco Intersight Virtual Appliance < 1.0.9-292 - Authenticated Path Traversal and Command Injection

CVE-2021-35521 MEDIUM

IDEMIA Morpho Wave Compact & VisionPass <2.6.2 - Path Traversal

Previous Page 204 of 370 Next

Details

Vulnerabilities 9,230

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy