CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,247 vulnerabilities with CWE-22
CVE-2020-25881 MEDIUM
RKCMS - Path Traversal via filename Parameter
CVSS 5.5
CVE-2020-25873 MEDIUM
Baijiacms V4 - Path Traversal and Arbitrary Folder Deletion via ID Parameter
CVSS 6.5
CVE-2020-25872 MEDIUM
FrogCMS 0.9.5 - Path Traversal via FileManagerController.php URL Parameter
CVSS 4.9
CVE-2020-36488 MEDIUM
Sky File 2.1.0 - Path Traversal via /null// Path Commands
CVSS 6.5
CVE-2020-23061 HIGH
Dropouts Technologies LLP Super Backup <2.0.5 - Path Traversal
CVSS 7.5
CVE-2020-23040 HIGH
Sky File 2.1.0 - Path Traversal via Null Path Commands
CVSS 7.5
CVE-2020-23038 HIGH
Swift File Transfer Mobile <1.1.2 - Info Disclosure
CVSS 7.5
CVE-2020-27304 CRITICAL
CivetWeb 1.8-1.14 - Path Traversal via File Upload Form Handler
CVSS 9.8
CVE-2020-15941 MEDIUM
FortiClientEMS < 6.4.1 and <= 6.2.8 - Authenticated Path Traversal via Deployment Package Name Parameter
CVSS 5.4
CVE-2020-19154 MEDIUM
Jfinal CMS <4.7.1 - Info Disclosure
CVSS 6.5
CVE-2020-19150 HIGH
Jfinal CMS <4.7.1 - Info Disclosure
CVSS 8.1
CVE-2020-19147 MEDIUM
Jfinal CMS <4.7.1 - Info Disclosure
CVSS 6.5
CVE-2020-19146 MEDIUM
Jfinal CMS <4.7.1 - Info Disclosure
CVSS 6.5
CVE-2020-18127 MEDIUM
Indexhibit 2.1.5 - Path Traversal in /config/config.php
CVSS 6.5
CVE-2020-19547 MEDIUM
PopojiCMS 2.0.1 - Path Traversal via Admin.php ID Parameter
CVSS 6.5
CVE-2020-18878 MEDIUM
skycaiji 1.3 - Path Traversal via Admin Tool Log File Parameter
CVSS 5.3
CVE-2020-23069 MEDIUM
webTareas 2.0 - Path Traversal via extpath Parameter in general_serv.php
CVSS 6.5
CVE-2020-23172 MEDIUM
Kuba - Path Traversal and Arbitrary File Write via Zip Archive Extraction
CVSS 5.5
CVE-2020-19305 CRITICAL
Metinfo 7.0.0 - Privilege Escalation via Indeximg Parameter Deletion
CVSS 9.8
CVE-2020-19304 HIGH
Metinfo 7.0.0 - Path Traversal and Sensitive Information Exposure via File List Endpoint
CVSS 7.5
CVE-2020-26806 HIGH
ObjectPlanet Opinio < 7.15 - Unauthenticated Remote Code Execution via JSP File Upload
CVSS 8.8
CVE-2020-5370 HIGH
Dell EMC OpenManage Enterprise < 3.4 - Authenticated Arbitrary File Overwrite via Tar File Extraction
CVSS 7.9
CVE-2020-24146 HIGH
WordPress cm-download-manager <2.7.0 - Path Traversal
CVSS 8.1
CVE-2020-24144 HIGH
Media File Organizer 1.0.1 - Path Traversal
CVSS 8.6
CVE-2020-24143 HIGH
Video Downloader for TikTok <1.3 - Path Traversal
CVSS 7.5