CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,230 vulnerabilities with CWE-22
CVE-2021-35054 HIGH
Minecraft < 1.17.1 - Unauthenticated Path Traversal and Arbitrary File Deletion
CVSS 7.5
CVE-2021-34820 HIGH
Novus Management System < 1.51.2 - Unauthenticated Path Traversal and Arbitrary File Access
CVSS 7.5
CVE-2021-35968 MEDIUM
Orca HCM < 10.0 - Path Traversal via Directory List Page Parameter
CVSS 4.3
CVE-2021-35967 MEDIUM
Orca HCM < 10.0 - Unauthenticated Path Traversal via Directory Page Parameter
CVSS 5.3
CVE-2021-24453 HIGH
Include Me WordPress Plugin < 1.2.1 - Path Traversal and Remote Code Execution via Log Poisoning
CVSS 8.8
CVE-2021-24447 MEDIUM
WP Image Zoom < 1.47 - Local File Inclusion via Tab Parameter
CVSS 5.3
CVE-2021-32769 HIGH
Micronaut < 2.5.9 - Path Traversal via URL Path Manipulation
CVSS 7.5
CVE-2021-35962 HIGH
Dr. ID Door Access Control - Path Traversal
CVSS 7.5
CVE-2021-20511 MEDIUM
IBM Security Verify Access Docker 10.0.0 - Path Traversal
CVSS 4.9
CVE-2021-21586 HIGH
Dell Wyse Management Suite <= 3.2 - Authenticated Path Traversal
CVSS 8.1
CVE-2021-22867 MEDIUM
GitHub Enterprise Server < 2.22.17 - Authenticated Path Traversal via GitHub Pages Configuration
CVSS 6.5
CVE-2021-23407 HIGH
elFinder.Net.Core < 1.2.4 - Path Traversal via Unsanitized File Name
CVSS 7.5
CVE-2021-33211 MEDIUM
Elements-IT HTTP Commander 5.3.3 - Path Traversal
CVSS 6.5
CVE-2021-22440 MEDIUM
Huawei Mate 20 and Mate 20 Pro Firmware - Path Traversal
CVSS 4.6
CVE-2021-32746 MEDIUM
Icinga Web 2 < 2.9.0-2.8.3-2.7.5 - Info Disclosure
CVSS 5.3
CVE-2021-33807 HIGH
gespage < 8.2.1 - Path Traversal via doDownloadData Endpoint
CVSS 7.5
CVE-2021-24013 HIGH
FortiMail 5.4.0-5.4.11 - Path Traversal via Webmail Web Requests
CVSS 8.8
CVE-2021-33215 MEDIUM
CommScope Ruckus IoT Controller < 1.7.1.0 - Path Traversal
CVSS 4.3
CVE-2021-32532 HIGH
QSAN XEVO < 1.2.0 - Unauthenticated Path Traversal via Back-End Analysis Function
CVSS 7.5
CVE-2021-32527 HIGH
QSAN Storage Manager < 3.3.1 - Unauthenticated Path Traversal via Download Function
CVSS 7.5
CVE-2021-32516 HIGH
QSAN Storage Manager < 3.3.3 - Path Traversal via Share Link
CVSS 7.5
CVE-2021-32507 MEDIUM
QSAN Storage Manager < 3.3.3 - Authenticated Path Traversal via FileDownload Url Parameter
CVSS 6.5
CVE-2021-32506 MEDIUM
QSAN Storage Manager < 3.3.3 - Authenticated Path Traversal via GetImage Url Parameter
CVSS 6.5
CVE-2021-24375 CRITICAL
Motor WordPress Theme < 3.1.0 - Unauthenticated Path Traversal and Arbitrary File Execution via AJAX Handlers
CVSS 9.8
CVE-2021-35958 CRITICAL
TensorFlow < 2.5.0 - Arbitrary File Write via tf.keras.utils.get_file
CVSS 9.1
Details
Vulnerabilities: 9,230
Exploit Likelihood: High