Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,248 vulnerabilities with CWE-22

CVE-2020-24406 LOW

Magento <2.4.0, 2.3.4 - Info Disclosure

CVE-2020-3588 HIGH

Cisco Webex Meetings < 40.6.9 - Arbitrary Code Execution via Virtualization Channel Message Validation

CVE-2020-27128 MEDIUM

Cisco SD-WAN vManage Software - Privilege Escalation

CVE-2020-12147 MEDIUM

Silver Peak Unity Orchestrator < 8.9.11+ - Authenticated Unauthorized MySQL Query Execution via /sqlExecution REST API

CVE-2020-12146 MEDIUM

Silver Peak Unity Orchestrator < 8.9.11+ - Authenticated Path Traversal via /debugFiles REST API

CVE-2020-7763 HIGH

Phantom-html-to-pdf <0.6.1 - Info Disclosure

CVE-2020-7762 MEDIUM

jsreport-chrome-pdf <1.10.0 - Info Disclosure

CVE-2020-7758 HIGH

browserless/chrome < 1.40.2 - Path Traversal via Workspace Endpoint

CVE-2020-7757 MEDIUM

droppy - Path Traversal

CVE-2020-9368 HIGH

oleacorner olea_gift_on_order < 5.0.8 - Unauthenticated Path Traversal via getfile.php

CVE-2020-15703 MEDIUM

aptdaemon - Unauthenticated Path Traversal via Locale Property

CVE-2020-25780 HIGH

CommCell < 14.68, 15.x < 15.58, 16.x < 16.44, 17.x < 17.29, 18.x < 18.13 - Path Traversal via Log File View

CVE-2020-27993 MEDIUM

hrsale 2.0.0 - Path Traversal via Download Endpoint

CVE-2020-24990 HIGH

QSC Q-SYS Core Manager 8.2.1 - Unauthenticated Directory Traversal via TFTP GET Request

CVE-2020-4782 MEDIUM

IBM WebSphere Application Server 7.0.0.0-7.0.0.44 - Path Traversal via URL Request

CVE-2020-8254 HIGH

Pulse Secure Desktop Client <9.1R9 - RCE

CVE-2020-9782 HIGH

macOS < 10.15.2 - Path Traversal via Directory Path Handling

CVE-2020-27160 CRITICAL

Western Digital My Cloud NAS <5.04.114 - RCE

CVE-2020-9920 CRITICAL

iPadOS < 13.6 - Path Traversal via Malicious Mail Server

CVE-2020-26650 MEDIUM

AtomXCMS 2.0 - Arbitrary File Read via admin/dump.php

CVE-2020-3550 HIGH

Cisco Firepower Threat Defense & Secure Firewall Management Center < 6.0.1 - Authenticated Path Traversal

CVE-2020-14864 HIGH KEV

Oracle Business Intelligence Enterprise Edition - Info Disclosure

CVE-2020-15229 HIGH

Singularity <3.6.3 - Path Traversal

CVE-2020-15012 HIGH

Sonatype Nexus Repository Manager <2.14.19 - Path Traversal

CVE-2020-9106 MEDIUM

HUAWEI P30 Pro < 10.1.0.160(C00E160R2P8) - Path Traversal

Previous Page 221 of 370 Next

Details

Vulnerabilities 9,248

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy