Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,247 vulnerabilities with CWE-22

CVE-2020-17518 HIGH

Apache Flink <1.11.3-1.12.0 - Path Traversal

CVE-2020-22550 HIGH

Veno File Manager 3.5.6 - Path Traversal

CVE-2020-35883 CRITICAL

mozwire < 0.4.1 and >=0 <0.5.0 - Path Traversal via .conf File Overwrite

CVE-2020-27534 MEDIUM

Docker Engine <19.03.9 - Path Traversal

CVE-2020-5811 MEDIUM

Umbraco CMS <=8.9.1 - Path Traversal

CVE-2020-35612 HIGH

Joomla! 2.5.0-3.9.22 - Path Traversal via mod_random_image Folder Parameter

CVE-2020-35736 HIGH

GateOne 1.1 - Unauthenticated Arbitrary File Download via Path Traversal

CVE-2020-35362 HIGH

dext5upload < 2.7.1262310 - Directory Traversal via dext5handler.jsp fileVirtualPath Parameter

CVE-2020-35284 HIGH

FlamingoIM < 2020-09-29 - Path Traversal via Client-Side MD5 Computation

CVE-2020-35709 MEDIUM

bloofoxCMS 0.5.2.1 - Authenticated Arbitrary File Upload via Media Images Path Traversal

CVE-2020-28187 CRITICAL

TerraMaster TOS <= 4.2.06 - Authenticated Path Traversal via Multiple Parameters

CVE-2020-2504 MEDIUM

QNAP QES < 2.1.1 - Path Traversal in File Station

CVE-2020-35598 HIGH

ACS Advanced Comment System 1.0 - Path Traversal via ACS_path Parameter

CVE-2020-35370 HIGH

raysync < 3.3.3.8 - Unauthenticated Remote Code Execution via Path Traversal

CVE-2020-5803 HIGH

Marvell QConvergeConsole GUI 5.5.0.74 - Path Traversal

CVE-2020-20277 CRITICAL

uftpd 2.7-2.10 - Unauthenticated Directory Traversal via FTP Command Chroot Bypass

CVE-2020-8463 HIGH

Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 - Path Traversal via Request Manipulation

CVE-2020-25617 HIGH

SolarWinds N-Central 12.3.0.670 - Authenticated Path Traversal and OS Command Execution via AdvancedScripts Endpoint

CVE-2020-5683 HIGH

GROWI <4.2.3, <4.1.12, <=v3 - Path Traversal

CVE-2020-35460 MEDIUM

Oracle Primavera Unifier >=17.7 <17.12 - Path Traversal and Arbitrary File Write via Zip Stream Handler

CVE-2020-5639 CRITICAL

FileZen 3.0.0-4.2.2 - Path Traversal and Remote Code Execution via File Upload

CVE-2020-35176 MEDIUM

AWStats < 7.8 - Path Traversal via Partial Absolute Pathname

CVE-2020-27730 CRITICAL

F5 NGINX Controller 1.0.1 2.0.0-2.9.0 3.0.0-3.9.0 - Path Traversal via Relative Paths in System Utility Calls

CVE-2020-7790 MEDIUM

Spatie/Browsershot <0.0.0 - Info Disclosure

CVE-2020-7535 HIGH

Modicon M340 BMXP341000 Firmware < 3.30 - Path Traversal via HTTP Request

Previous Page 219 of 370 Next

Details

Vulnerabilities 9,247

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy