CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,261 vulnerabilities with CWE-22
CVE-2020-1853 MEDIUM
GaussDB 200 <6.5.1 - Path Traversal
CVSS 6.5
CVE-2020-9033 MEDIUM
Microchip SyncServer S100 2.90.70.3 S200 1.30 S250 1.25 S300 2.65.0 S350 2.80.1 - Path Traversal via FileName Parameter
CVSS 6.5
CVE-2020-9032 MEDIUM
Microchip SyncServer S100 2.90.70.3 S200 1.30 S250 1.25 S300 2.65.0 S350 2.80.1 - Path Traversal via FileName Parameter
CVSS 6.5
CVE-2020-9031 MEDIUM
Microchip SyncServer S100 2.90.70.3 S200 1.30 S250 1.25 S300 2.65.0 S350 2.80.1 - Path Traversal via FileName Parameter
CVSS 6.5
CVE-2020-9030 MEDIUM
Microchip SyncServer S100 2.90.70.3 S200 1.30 S250 1.25 S300 2.65.0 S350 2.80.1 - Path Traversal via FileName Parameter
CVSS 6.5
CVE-2020-9029 MEDIUM
Microchip SyncServer S100 2.90.70.3 S200 1.30 S250 1.25 S300 2.65.0 S350 2.80.1 - Path Traversal via FileName Parameter
CVSS 6.5
CVE-2020-8996 MEDIUM
AnyShare Cloud 6.0.9 - Authenticated Path Traversal via Download Endpoint
CVSS 4.3
CVE-2020-8803 CRITICAL
SuiteCRM < 7.11.11 - Path Traversal via add_to_prospect_list
CVSS 9.8
CVE-2020-6768 HIGH
Bosch Video Management System and Viewer < 7.5 - Unauthenticated Path Traversal
CVSS 8.6
CVE-2020-6767 HIGH
Bosch Video Management System and Viewer < 7.5 - Authenticated Path Traversal
CVSS 7.7
CVE-2020-5720 MEDIUM
MikroTik WinBox <3.21 - Path Traversal
CVSS 5.9
CVE-2020-8641 HIGH
Lotus Core CMS 1.0.1 - Path Traversal
CVSS 8.8
CVE-2020-6754 CRITICAL
dotcms < 5.2.4 - Path Traversal and Remote Code Execution via Temporary File Upload
CVSS 9.8
CVE-2020-7966 HIGH
GitLab 11.11.0-12.5.9 - Path Traversal
CVSS 7.5
CVE-2020-5237 HIGH
1UP Oneupuploaderbundle < 1.9.3 - Path Traversal
CVSS 8.8
CVE-2020-8545 HIGH
AIL framework <2.8 - Path Traversal
CVSS 7.5
CVE-2020-8446 MEDIUM
OSSEC-HIDS 2.7-3.5.0 - Path Traversal and Arbitrary File Write via Crafted Syscheck Messages
CVSS 5.5
CVE-2020-3717 MEDIUM
Magento <2.3.3, <2.2.10, <1.14.4.3, <1.9.4.3 - Path Traversal
CVSS 5.3
CVE-2020-8009 HIGH
AVB MOTU <2020-01-22 - Path Traversal
CVSS 7.5
CVE-2020-5221 MEDIUM
uftpd < 2.11 - Unauthenticated Path Traversal and Arbitrary File Write via FTP Commands
CVSS 6.5
CVE-2020-7211 HIGH
libslirp 4.1.0 - Path Traversal via TFTP Directory Traversal
CVSS 7.5
CVE-2020-7246 HIGH
qdPM < 9.1 - Authenticated Remote Code Execution via Profile Photo Path Traversal
CVSS 8.8
CVE-2020-1606 MEDIUM
Juniper Junos OS - Authenticated Path Traversal and Arbitrary File Deletion via J-web
CVSS 5.4
CVE-2020-5513 MEDIUM
Gila CMS 1.11.8 - Path Traversal via /cm/delete Parameter
CVSS 6.8
CVE-2020-5512 MEDIUM
Gila CMS 1.11.8 - Path Traversal via Admin Media Path Parameter
CVSS 6.8
Details
Vulnerabilities: 9,261
Exploit Likelihood: High