Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,248 vulnerabilities with CWE-22

CVE-2020-6142 CRITICAL

OS4Ed openSIS 7.3 - Remote Code Execution via Modules.php Local File Inclusion

CVE-2020-7669 HIGH

u-root < 0.9.0 - Path Traversal in Tar File Extraction

CVE-2020-7666 HIGH

u-root - Path Traversal in cpio File Extraction

CVE-2020-7665 HIGH

u-root < 0.9.0 - Path Traversal in Zip File Extraction

CVE-2020-7522 CRITICAL

APC Easy UPS On-Line Software <= 2.0 - Path Traversal via SoundUploadServlet

CVE-2020-7521 CRITICAL

APC Easy UPS On-Line Software < 2.0 - Path Traversal via FileUploadServlet

CVE-2020-25032 HIGH

Flask-Cors < 3.0.9 - Path Traversal via Non-Canonical Pathname

CVE-2020-14352 HIGH

librepo < 1.12.1 - Path Traversal via Remote Repository Metadata

CVE-2020-12456 HIGH

Mitel MiVoice Connect Client <214.100.1223.0 - RCE

CVE-2020-3490 MEDIUM

Cisco Vision Dynamic Signage Director - Path Traversal

CVE-2020-3440 MEDIUM

Cisco Webex Meetings Desktop App for Windows - RCE

CVE-2020-17389 HIGH

Marvell QConvergeConsole 5.5.0.64 - RCE

CVE-2020-17387 HIGH

Marvell QConvergeConsole 5.5.0.64 - RCE

CVE-2020-15644 HIGH

Marvell QConvergeConsole < 5.5.00.73 - Remote Code Execution via GWTTestServiceImpl setAppFileBytes Path Traversal

CVE-2020-15643 HIGH

Marvell QConvergeConsole < 5.5.00.73 - Remote Code Execution via GWTTestServiceImpl saveAsText Path Traversal

CVE-2020-15641 HIGH

Marvell QConvergeConsole < 5.5.00.73 - Unauthenticated Path Traversal in FlashValidatorServiceImpl

CVE-2020-15640 HIGH

Marvell QConvergeConsole < 5.5.00.73 - Unauthenticated Path Traversal in FlashValidatorServiceImpl

CVE-2020-15639 CRITICAL

Marvell QConvergeConsole < 5.5.00.73 - Path Traversal & RCE via FlashValidatorServiceImpl

CVE-2020-16245 CRITICAL

Advantech iView < 5.7 - Path Traversal and Arbitrary File Write

CVE-2020-17385 HIGH

Cellopoint CelloOS <4.1.10 - Path Traversal

CVE-2020-7377 HIGH

Metasploit 4.12.40-6.0.3 - Path Traversal and Arbitrary File Write via Telpho10 Credential Dump Module

CVE-2020-7376 HIGH

Metasploit 4.11.7-6.0.3 - Path Traversal and Arbitrary File Write via get_keychains Method

CVE-2020-19877 MEDIUM

DBHcms 1.2.0 - Unauthenticated Path Traversal

CVE-2020-8227 MEDIUM

Nextcloud Desktop Client <2.6.4 - Info Disclosure

CVE-2020-15858 MEDIUM

Thales DIS BGS5 EHSx PDSx ELS61 ELS81 PLS62 Firmware - Path Traversal

Previous Page 224 of 370 Next

Details

Vulnerabilities 9,248

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy