Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,247 vulnerabilities with CWE-22

CVE-2020-24137 MEDIUM

wcms 0.3.2 - Path Traversal via wex/cssjs.php Path Parameter

CVE-2020-24136 HIGH

wcms 0.3.2 - Path Traversal via pagename Parameter

CVE-2020-13419 MEDIUM

OpenIAM 4.1.0-4.2.0.2 - Path Traversal in Batch Task

CVE-2020-21590 MEDIUM

Wuzhicms - Path Traversal

CVE-2020-10584 HIGH

Invigo Automatic Device Management < 5.0 - Path Traversal via /admin/search_by.php

CVE-2020-10579 HIGH

Invigo Automatic Device Management < 5.0 - Path Traversal via /admin/sysmon.php

CVE-2020-26279 HIGH

go-ipfs <0.8.0-rc1 - Path Traversal

CVE-2020-15809 MEDIUM

SpinetiX DSOS HMP350 HMP300 DiVA HMP400 HMP400W < 4.5.2 - Server-Side Request Forgery and Path Traversal

CVE-2020-13924 HIGH

Apache Ambari < 2.6.2.2 - Path Traversal

CVE-2020-29556 MEDIUM

Grav CMS <1.7.0-rc.17 - Path Traversal

CVE-2020-29555 HIGH

Grav CMS <1.7.0-rc.17 - Path Traversal

CVE-2020-5016 MEDIUM

IBM WebSphere Application Server 7.0.0.0-7.0.0.44 - Path Traversal via JAX-RPC URL Request

CVE-2020-29134 HIGH

TOTVS Fluig - Path Traversal via Base64-Encoded File Parameter

CVE-2020-9479 MEDIUM

Apache AsterixDB < 0.9.5 - Path Traversal via UDF Zip File Extraction

CVE-2020-29453 MEDIUM

Jira Server/Jira Data Center <8.5.11, <8.6.0-8.13.3, <8.14.0-8.15.0...

CVE-2020-9050 HIGH

Metasys Reporting Engine - Unauthenticated Path Traversal via Web Services

CVE-2020-13550 HIGH

Advantech WebAccess/SCADA 9.0.1 - Authenticated Local File Inclusion via Installation Functionality

CVE-2020-28337 HIGH

Microweber < 1.1.20 - Authenticated Remote Code Execution via Backup Restore Path Traversal

CVE-2020-29026 CRITICAL

GateManager < 9.2c - Authenticated Path Traversal and Arbitrary File Write via File Upload Function

CVE-2020-27871 HIGH

SolarWinds Orion Platform 2020.2.1 - Path Traversal and Arbitrary File Write via VulnerabilitySettings.aspx

CVE-2020-27870 MEDIUM

SolarWinds Orion Platform 2020.2.1 - Authenticated Path Traversal via ExportToPDF.aspx

CVE-2020-26299 MEDIUM

ftp-srv < 4.4.0 - Path Traversal via CWD and UPDR Commands

CVE-2020-25237 HIGH

SINEC NMS < V1.0 SP1 Update 1 and SINEMA Server < V14.0 SP2 Update 2 - Path Traversal via Zip-Slip

CVE-2020-36241 MEDIUM

gnome-autoar < 0.2.4 - Directory Traversal via Symlink Parent Check Bypass

CVE-2020-27994 MEDIUM

SolarWinds Serv-U < 15.2.2 - Authenticated Path Traversal

Previous Page 217 of 370 Next

Details

Vulnerabilities 9,247

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy