CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,230 vulnerabilities with CWE-22
CVE-2021-20090 CRITICAL KEV
Buffalo WSR-2533DHPL2 Firmware <= 1.02 and WSR-2533DHP3 Firmware <= 1.24 - Unauthenticated Path Traversal
CVSS 9.8
CVE-2021-20714 MEDIUM
WP Fastest Cache <0.9.1.7 - Path Traversal
CVSS 6.5
CVE-2021-30635 MEDIUM
Sonatype Nexus Repository Manager <3.30.1 - Path Traversal
CVSS 5.3
CVE-2021-29474 MEDIUM
HedgeDoc < 1.8.0 - Path Traversal and Arbitrary File Read via URL-Encoded Alias
CVSS 4.7
CVE-2021-24242 LOW
Tutor LMS < 1.8.8 - Authenticated Local File Inclusion via Tools Sub-Page Parameter
CVSS 3.8
CVE-2021-0231 MEDIUM
Juniper Networks SRX/vSRX <19.3R2-S6-20.2R2 - Path Traversal
CVSS 6.5
CVE-2021-27278 HIGH
Parallels Desktop 16.1.1-49141 - Privilege Escalation
CVSS 8.2
CVE-2021-29466 MEDIUM
discord-recon < 0.0.4 - Path Traversal
CVSS 6.5
CVE-2021-20023 MEDIUM KEV
SonicWall Email Security < 10.0.9.6173 - Authenticated Arbitrary File Read via Path Traversal
CVSS 4.9
CVE-2021-27030 HIGH
Autodesk FBX Review < 1.5.0 - Directory Traversal Remote Code Execution via Malicious FBX File
CVSS 7.8
CVE-2021-22720 HIGH
C-Bus Toolkit <1.15.7 - Path Traversal
CVSS 7.2
CVE-2021-22719 HIGH
C-Bus Toolkit <1.15.7 - Path Traversal
CVSS 8.8
CVE-2021-22718 HIGH
C-Bus Toolkit < V1.15.7 - Path Traversal
CVSS 7.8
CVE-2021-22717 HIGH
C-Bus Toolkit <1.15.7 - Path Traversal
CVSS 8.8
CVE-2021-29425 MEDIUM
Apache Commons IO - Path Traversal via FileNameUtils.normalize
CVSS 4.8
CVE-2021-22190 HIGH
GitLab 13.7.0-13.7.8 - Path Traversal via GitLab Workhorse
CVSS 8.5
CVE-2021-25361 HIGH
stickerCenter <SMR APR-2021 Release 1 - Info Disclosure
CVSS 7.9
CVE-2021-20692 HIGH
Archive collectively operation utility < 2.10.1.0 - Path Traversal via Malicious ZIP Archive Expansion
CVSS 7.1
CVE-2021-28658 MEDIUM
Django 2.2-2.2.19, 3.0-3.0.13, 3.1-3.1.7 - Path Traversal via Multipart File Upload
CVSS 5.3
CVE-2021-28172 HIGH
Vangene deltaFlow E-platform - Path Traversal
CVSS 7.5
CVE-2021-28209 MEDIUM
ASUS BMC Firmware - Authenticated Path Traversal via Web Management Delete Video File Function
CVSS 4.9
CVE-2021-28208 MEDIUM
ASUS BMC Firmware - Authenticated Path Traversal via Web Management Page Video File Parameter
CVSS 4.9
CVE-2021-28207 MEDIUM
ASUS BMC Firmware - Authenticated Path Traversal via Get Help File Function
CVSS 4.9
CVE-2021-28206 MEDIUM
ASUS BMC Firmware - Authenticated Path Traversal via Record Video File Function
CVSS 4.9
CVE-2021-28205 MEDIUM
ASUS BMC Firmware - Authenticated Path Traversal via Delete SOL Video File Function
CVSS 4.9