Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,247 vulnerabilities with CWE-22

CVE-2020-23715 HIGH

Webport CMS 1.19.10.17121 - Path Traversal

CVE-2020-18665 MEDIUM

WebPort <= 1.19.1 - Path Traversal in System Settings Tags

CVE-2020-22200 MEDIUM

phpcms 9.1.13 - Path Traversal via q Parameter

CVE-2020-35762 LOW

bloofoxcms 0.5.2.1 - Path Traversal via Fileurl Parameter

CVE-2020-36142 MEDIUM

BloofoxCMS 0.5.2.1 - Path Traversal via Fileurl Parameter

CVE-2020-6950 MEDIUM

Eclipse Mojarra < 2.3.14 - Path Traversal via loc or con Parameter

CVE-2020-20907 CRITICAL

MetInfo 7.0 beta - Path Traversal and Arbitrary File Modification

CVE-2020-23766 MEDIUM

htmly <2.7.5 - Privilege Escalation

CVE-2020-35580 HIGH

SearchBlox < 9.2.2 - Unauthenticated Local File Inclusion via FileServlet

CVE-2020-21057 HIGH

FusionPBX 4.5.7 - Path Traversal via app/edit/folderdelete.php

CVE-2020-21056 MEDIUM

FusionPBX 4.5.7 - Path Traversal via folder Variable in foldernew.php

CVE-2020-21055 MEDIUM

FusionPBX 4.5.7 - Path Traversal via File Rename Parameters

CVE-2020-36364 CRITICAL

SmartStoreNET < 4.1.0 - Path Traversal via ImportController TempFileName Field

CVE-2020-18178 CRITICAL

HongCMS 4.0.0 - Path Traversal via Language AJAX Endpoint

CVE-2020-36197 HIGH

QNAP Music Station < 5.3.16 - Improper Access Control

CVE-2020-23575 HIGH

Kyocera Printer d-COPIA253MF - Path Traversal

CVE-2020-4993 MEDIUM

IBM QRadar SIEM 7.3-7.4 - Path Traversal via Zip File Decompression

CVE-2020-4039 HIGH

fossasia/susi.ai < 2020-05-13 - Path Traversal and Arbitrary File Manipulation

CVE-2020-18070 CRITICAL

iCMS 7.0.13 - Path Traversal via database.admincp.php do_del() Method

CVE-2020-36321 MEDIUM

Vaadin Flow 2.0.0-2.4.1 and Vaadin 14.0.0-14.4.2 - Path Traversal via Development Mode Handler

CVE-2020-17564 CRITICAL

FeiFeiCMS v4.0 - Path Traversal and Arbitrary File Deletion via Admin/DataAction.class.php

CVE-2020-17563 CRITICAL

FeiFeiCMS v4.0 - Path Traversal via Admin TPL Delete Endpoint

CVE-2020-25243 MEDIUM

LOGO! Soft Comfort < V8.4 - Path Traversal via Project File Import

CVE-2020-7861 HIGH

AnySupport <2019.3.21.0 - Path Traversal

CVE-2020-7858 MEDIUM

AquaNPlayer 2.0.0.92 - Path Traversal

Previous Page 216 of 370 Next

Details

Vulnerabilities 9,247

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy