Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,248 vulnerabilities with CWE-22

CVE-2020-25134 HIGH

Observium 20.8.10631 - Path Traversal and Local File Inclusion via Settings URI

CVE-2020-25133 HIGH

Observium 20.8.10631 - Path Traversal and Local File Inclusion via Ports URI Parameter

CVE-2020-24621 HIGH

OpenMRS htmlformentry < 3.11.0 - Remote Code Execution via Path Traversal

CVE-2020-24626 CRITICAL

HPE PPU UCS Meter 1.9 - Remote Code Execution via Directory Traversal

CVE-2020-24625 HIGH

HPE PPU UCS Meter <1.9 - Path Traversal

CVE-2020-24624 HIGH

HPE PPU UCS Meter <1.9 - Path Traversal

CVE-2020-3143 HIGH

Cisco TelePresence - Path Traversal

CVE-2020-3130 MEDIUM

Cisco Unity Connection - File Overwrite

CVE-2020-14028 HIGH

Ozeki NG SMS Gateway < 4.17.6 - Path Traversal and Arbitrary File Write via Autoreply Script Name

CVE-2020-5605 MEDIUM

Buffalo Airstation WHR-G54S Firmware < 1.43 - Path Traversal

CVE-2020-25734 MEDIUM

webtareas < 2.1 - Unauthenticated Directory Listing in files/Default/

CVE-2020-15182 HIGH

SOY CMS < 3.0.2.328 and SOY Inquiry < 2.0.0.4 - Authenticated Remote Code Execution via CSRF

CVE-2020-11700 MEDIUM

SpamTitan 7.07 - Authenticated Path Traversal via fname Parameter

CVE-2020-7529 MEDIUM

SCADAPack 7x Remote Connect < 3.6.3.574 - Path Traversal via Crafted .RCZ File

CVE-2020-2278 MEDIUM

Jenkins Storable Configs Plugin <1.0 - Info Disclosure

CVE-2020-2277 MEDIUM

Jenkins Storable Configs Plugin <1.0 - Info Disclosure

CVE-2020-2275 MEDIUM

Jenkins Copy data to workspace Plugin <1.0 - Info Disclosure

CVE-2020-2254 MEDIUM

Jenkins Blue Ocean Plugin <1.23.2 - Info Disclosure

CVE-2020-7268 MEDIUM

McAfee Email Gateway < 7.6.406 - Path Traversal via External Input

CVE-2020-4711 MEDIUM

IBM Spectrum Protect Plus 10.1.0-10.1.6 - Path Traversal via URL Request

CVE-2020-25540 HIGH

ThinkAdmin v6 - Unauthenticated Path Traversal via GET Request Encode Parameter

CVE-2020-25248 HIGH

Hyland OnBase < 16.0.2.83 - Path Traversal via FileName Parameter

CVE-2020-25247 HIGH

Hyland OnBase < 18.0.0.32 and 19.x through 19.8.9.1000 - Path Traversal via FileName Parameter

CVE-2020-3365 MEDIUM

Cisco Enterprise NFV Infrastructure Software 3.5.1-4.1.2 - Authenticated Path Traversal

CVE-2020-25068 HIGH

Setelsa Conacwin v3.7.1.2 - Unauthenticated Local File Inclusion via Directory Traversal URI

Previous Page 223 of 370 Next

Details

Vulnerabilities 9,248

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy