CWE-22

High exploit likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,261 vulnerabilities with CWE-22
CVE-2020-5554 CRITICAL
Shihonkanri Plus GOOUT <2.2.10 - Path Traversal
CVSS 9.1
CVE-2020-10875 HIGH
Motorola FX9500 - Path Traversal via PL/SQL Server Pages
CVSS 7.5
CVE-2020-8865 MEDIUM
Horde Groupware Webmail Edition 5.2.22 - RCE
CVSS 6.3
CVE-2020-7478 HIGH
Interactive Graphical SCADA System < 14.0.0.20009 - Unauthenticated Path Traversal via IGSS Update Service
CVSS 7.5
CVE-2020-9325 HIGH
Aquaforest TIFF Server 4.0 - Unauthenticated Arbitrary File Download via Path Traversal
CVSS 7.5
CVE-2020-9323 MEDIUM
Aquaforest TIFF Server 4.0 - Unauthenticated Path Traversal via tiffserver/tssp.aspx
CVSS 5.3
CVE-2020-8600 CRITICAL
Trend Micro Worry-Free <10.0 - Path Traversal
CVSS 9.8
CVE-2020-1735 MEDIUM
Ansible < 2.7.17 - Path Traversal via Fetch Module
CVSS 4.2
CVE-2020-10564 CRITICAL
WordPress File Upload <4.13.0 - Path Traversal
CVSS 9.8
CVE-2020-10086 MEDIUM
GitLab 10.4-12.8.1 - Path Traversal and Arbitrary File Read
CVSS 5.3
CVE-2020-0520 HIGH
Intel Graphics Driver < 15.33.49.5100 - Authenticated Path Traversal in igdkmd64.sys
CVSS 7.8
CVE-2020-10459 LOW
Chadha PHPKB Standard Multi-Language 9 - Path Traversal
CVSS 2.7
CVE-2020-10458 MEDIUM
Chadha PHPKB Standard Multi-Language 9 - Path Traversal
CVSS 6.5
CVE-2020-10457 LOW
Chadha PHPKB Standard Multi-Language 9 - Path Traversal
CVSS 2.7
CVE-2020-10387 MEDIUM
Chadha PHPKB Standard Multi-Language 9 - Authenticated Path Traversal via Download Parameter
CVSS 4.9
CVE-2020-6203 CRITICAL
SAP NetWeaver UDDI Server - Path Traversal
CVSS 9.1
CVE-2020-2139 MEDIUM
Jenkins Cobertura < 1.16 - Arbitrary File Write via Coverage Report File
CVSS 6.5
CVE-2020-1737 HIGH
Ansible < 2.7.17, 2.8.0a1-2.8.9 - Path Traversal via win_unzip Module
CVSS 7.5
CVE-2020-5405 MEDIUM
Spring Cloud Config <2.2.2 & <2.1.7 - Path Traversal
CVSS 6.5
CVE-2020-9364 MEDIUM
Creative Contact Form 4.6.2 - Path Traversal via Attachment Upload Filename
CVSS 5.3
CVE-2020-8810 HIGH
Gurux GXDLMS Director <8.5.1905.1301 - Path Traversal
CVSS 8.1
CVE-2020-8131 HIGH
Yarn < 1.22.0 - Arbitrary Filesystem Write via Malicious Package Installation
CVSS 7.5
CVE-2020-5187 HIGH
Dnnsoftware Dotnetnuke < 9.4.4 - Path Traversal
CVSS 8.8
CVE-2020-9354 HIGH
SmartClient 12.0 - Unauthenticated Path Traversal and Arbitrary File Write via Developer Console RPC
CVSS 7.5
CVE-2020-9353 HIGH
SmartClient 12.0 - Unauthenticated Local File Inclusion via RPC loadFile
CVSS 7.5