Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,256 vulnerabilities with CWE-22

CVE-2020-15639 CRITICAL

Marvell QConvergeConsole < 5.5.00.73 - Path Traversal & RCE via FlashValidatorServiceImpl

CVE-2020-16245 CRITICAL

Advantech iView < 5.7 - Path Traversal and Arbitrary File Write

CVE-2020-17385 HIGH

Cellopoint CelloOS <4.1.10 - Path Traversal

CVE-2020-7377 HIGH

Metasploit 4.12.40-6.0.3 - Path Traversal and Arbitrary File Write via Telpho10 Credential Dump Module

CVE-2020-7376 HIGH

Metasploit 4.11.7-6.0.3 - Path Traversal and Arbitrary File Write via get_keychains Method

CVE-2020-19877 MEDIUM

DBHcms 1.2.0 - Unauthenticated Path Traversal

CVE-2020-8227 MEDIUM

Nextcloud Desktop Client <2.6.4 - Info Disclosure

CVE-2020-15858 MEDIUM

Thales DIS BGS5 EHSx PDSx ELS61 ELS81 PLS62 Firmware - Path Traversal

CVE-2020-24571 HIGH

NexusQA NexusDB <4.50.23 - Path Traversal

CVE-2020-24368 HIGH

Icinga Web2 <2.6.4-2.8.2 - Path Traversal

CVE-2020-8209 HIGH

Citrix XenMobile <10.12 - Info Disclosure

CVE-2020-9708 MEDIUM

Adobe Git Server < 1.3.1 - Path Traversal via resolveRepositoryPath

CVE-2020-15141 LOW

openapi-python-client <0.5.3 - Path Traversal

CVE-2020-8913 HIGH

Android Play Core Library < 1.7.2 - Local Arbitrary Code Execution via SplitCompat.install Endpoint

CVE-2020-13376 CRITICAL

SecurEnvoy SecurMail 9.3.503 - Command Injection

CVE-2020-5609 CRITICAL

CENTUM CS 3000 <R3.09.50 - Path Traversal

CVE-2020-16116 LOW

KDE Ark < 20.08.0 - Path Traversal via Crafted Archive

CVE-2020-16136 HIGH

tgstation-server 4.4.0-4.4.1 - Authenticated Path Traversal via Log Download Endpoint

CVE-2020-3383 HIGH

Cisco Data Center Network Manager < 11.4(1) - Authenticated Path Traversal and Arbitrary File Write via Archive Utility

CVE-2020-8222 MEDIUM

Pulse Connect Secure <9.1R8 - Path Traversal

CVE-2020-8221 MEDIUM

Pulse Connect Secure <9.1R8 - Path Traversal

CVE-2020-9689 MEDIUM

Magento < 2.3.5-p2 - Path Traversal and Arbitrary Code Execution

CVE-2020-14490 HIGH

OpenClinic GA 5.09.02 and 5.89.05b - Path Traversal and Arbitrary File Execution

CVE-2020-5614 MEDIUM

KonaWiki < 3.1.0 - Path Traversal

CVE-2020-5377 CRITICAL

Dell EMC OpenManage Server Administrator < 9.4 - Unauthenticated Path Traversal via Web API Request

Previous Page 225 of 371 Next

Details

Vulnerabilities 9,256

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy