CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
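The following is a worked example added to this entry; it is not code from CWE-22 itself or from any of the projects listed below. It shows the vulnerable join that the description refers to beside a realpath-based containment check, and a pre-extraction scan for archive members (including symlink and hardlink targets) that would land outside the destination directory, which is the archive-handling variant of the same weakness. All names (`vulnerable_resolve`, `safe_resolve`, `unsafe_tar_members`, the `/srv/...` directories) are assumptions, and the sample tar archive is constructed here for illustration, not taken from any real vulnerability.

```python
import io
import os
import tarfile
import tempfile


def vulnerable_resolve(base_dir: str, requested: str) -> str:
    """The pattern CWE-22 describes: attacker-controlled input is joined
    onto the restricted directory without neutralising '..' or absolute
    paths. normpath is not a defence: it resolves '..' upward and out."""
    return os.path.normpath(os.path.join(base_dir, requested))


def safe_resolve(base_dir: str, requested: str) -> str:
    """Canonicalise the joined path and accept it only if it still lies
    inside the canonical base directory. This rejects '..' sequences,
    absolute paths (which os.path.join would let replace base_dir) and
    symlinks already on disk that point outside the directory."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path traversal rejected: {requested!r}")
    return candidate


def is_allowed(base_dir: str, requested: str) -> bool:
    """Boolean wrapper around safe_resolve for callers that only need
    a yes/no answer."""
    try:
        safe_resolve(base_dir, requested)
        return True
    except ValueError:
        return False


def unsafe_tar_members(tar_bytes: bytes, dest_dir: str) -> list[str]:
    """Static pre-extraction check for archive-based traversal: returns the
    names of members whose own path, or whose symlink/hardlink target, would
    resolve outside dest_dir. A symlink member pointing outside, followed by
    a regular file written through it, is the classic two-step escape, so
    link targets are checked in addition to member names."""
    bad = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tf:
        for m in tf.getmembers():
            if not is_allowed(dest_dir, m.name):
                bad.append(m.name)
                continue
            if m.issym() or m.islnk():
                # symlink targets are relative to the link's own directory;
                # hardlink targets are relative to the archive root
                target = (os.path.join(os.path.dirname(m.name), m.linkname)
                          if m.issym() else m.linkname)
                if not is_allowed(dest_dir, target):
                    bad.append(m.name)
    return bad


def build_sample_tar() -> bytes:
    """Constructed sample archive (not from any real CVE): one benign file,
    one dot-dot member and one symlink whose target is an absolute path."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in [("config/app.yml", b"debug: false\n"),
                           ("../../etc/cron.d/backdoor", b"* * * * * root id\n")]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("config/link")
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc/passwd"
        tf.addfile(link)
    return buf.getvalue()


def symlink_escape_rejected() -> bool:
    """Creates <tmp>/base/escape -> <tmp>/outside on disk and checks that a
    request for 'escape/secret.txt' is refused even though it contains no
    '..' at all: a realpath-based check catches this, whereas filtering
    dot-dot sequences out of the string does not."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "base")
        outside = os.path.join(tmp, "outside")
        os.mkdir(base)
        os.mkdir(outside)
        os.symlink(outside, os.path.join(base, "escape"))
        return not is_allowed(base, "escape/secret.txt")


if __name__ == "__main__":
    print(vulnerable_resolve("/srv/files", "../../etc/passwd"))
    print(unsafe_tar_members(build_sample_tar(), "/srv/extract"))
    print(symlink_escape_rejected())
```

Two practical caveats. First, the check has to run on the value the filesystem will actually see: percent-decode a URL path exactly once and then check the decoded string, otherwise an encoded `..%2f` passes a string filter and is decoded later. Second, the archive scan is static: it cannot see a symlink that an earlier member of the same archive creates during extraction, so extract members one at a time and re-run the realpath check against the on-disk state before each write, or, on Python 3.12 and later, pass `filter="data"` to `tarfile.extractall`, which enforces equivalent rules itself.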

9,247 vulnerabilities with CWE-22

Entries: CVE ID (severity, CVSS base score; KEV marks an entry in the CISA Known Exploited Vulnerabilities catalog): affected product and version range - summary

CVE-2020-29166 (HIGH, CVSS 7.5): PacsOne Server < 7.1.1 - Path Traversal and Arbitrary File Read
CVE-2020-15097 (CRITICAL, CVSS 9.1): loklak < 2020-01-22 - Path Traversal and Arbitrary File Write via API Input Validation Bypass
CVE-2020-4934 (MEDIUM, CVSS 4.3): IBM Content Navigator 3.0.CD - Path Traversal via Dot Dot Sequences
CVE-2020-20290 (HIGH, CVSS 7.5): yccms 3.3 - Path Traversal via delete, deletesite, and deleteAll Functions
CVE-2020-4789 (MEDIUM, CVSS 6.5): IBM QRadar SIEM 7.3.0-7.4.2 - Path Traversal via URL Request
CVE-2020-23161 (MEDIUM, CVSS 6.5): Pyrescom Termod4 < 10.04k - Path Traversal
CVE-2020-8570 (CRITICAL, CVSS 9.1): Kubernetes Java Client < 10.0.0 - Path Traversal
CVE-2020-8568 (MEDIUM, CVSS 5.8): Kubernetes Secrets Store CSI Driver 0.0.15-0.0.16 - Path Traversal and Arbitrary File Write
CVE-2020-8567 (MEDIUM, CVSS 4.9): Google Secret Manager Provider for Secret Store CSI Driver < 0.2.0 - Path Traversal
CVE-2020-26295 (HIGH, CVSS 8.7): OpenMage < 19.4.10, < 20.0.5 - Code Injection
CVE-2020-26285 (HIGH, CVSS 8.7): OpenMage < 19.4.10 - Authenticated Remote Code Execution via Data Import/Export
CVE-2020-26252 (HIGH, CVSS 8.7): OpenMage < 19.4.10 - Authenticated Remote Code Execution via Product Data Update
CVE-2020-27859 (HIGH, CVSS 7.5): NEC ESMPRO Manager 6.42 - Unauthenticated Path Traversal in GetEuaLogDownloadAction
CVE-2020-19360 (HIGH, CVSS 7.5): FHEM 6.0 - Local File Inclusion via FileLog_logWrapper File Parameter
CVE-2020-36193 (HIGH, CVSS 7.5, KEV): Archive_Tar < 1.4.11 - Path Traversal via Symbolic Link Handling
CVE-2020-35749 (HIGH, CVSS 7.7): Simple Board Job < 2.9.3 - Authenticated Path Traversal via sjb_file Parameter
CVE-2020-29495 (CRITICAL, CVSS 10.0): Dell EMC Avamar Server < 19.3 - Command Injection
CVE-2020-29494 (HIGH, CVSS 8.7): Dell EMC Avamar Server < 19.3 - Path Traversal
CVE-2020-28374 (HIGH, CVSS 8.1): Linux Kernel < 5.10.7 - Path Traversal via XCOPY Request
CVE-2020-27637 (CRITICAL, CVSS 9.8): CRAN < 4.0.3 - Path Traversal via R CMD install or install.packages()
CVE-2020-5804 (HIGH, CVSS 8.1): Marvell QConvergeConsole GUI <= 5.5.0.74 - Path Traversal
CVE-2020-13450 (CRITICAL, CVSS 9.8): Gotenberg < 6.2.1 - Path Traversal and Arbitrary File Write via File Upload
CVE-2020-13449 (HIGH, CVSS 7.5): Gotenberg < 6.2.1 - Path Traversal via Markdown Engine
CVE-2020-36052 (CRITICAL, CVSS 9.8): MiniCMS V1.10 - Path Traversal via Post-Edit State Parameter
CVE-2020-36051 (HIGH, CVSS 7.5): MiniCMS V1.10 - Path Traversal via State Parameter