CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,261 vulnerabilities with CWE-22
CVE-2020-1853
MEDIUM
GaussDB 200 <6.5.1 - Path Traversal
CVSS 6.5
CVE-2020-9033
MEDIUM
Microchip SyncServer S100 2.90.70.3 S200 1.30 S250 1.25 S300 2.65.0 S350 2.80.1 - Path Traversal via FileName Parameter
CVSS 6.5
CVE-2020-9032
MEDIUM
Microchip SyncServer S100 2.90.70.3 S200 1.30 S250 1.25 S300 2.65.0 S350 2.80.1 - Path Traversal via FileName Parameter
CVSS 6.5
CVE-2020-9031
MEDIUM
Microchip SyncServer S100 2.90.70.3 S200 1.30 S250 1.25 S300 2.65.0 S350 2.80.1 - Path Traversal via FileName Parameter
CVSS 6.5
CVE-2020-9030
MEDIUM
Microchip SyncServer S100 2.90.70.3 S200 1.30 S250 1.25 S300 2.65.0 S350 2.80.1 - Path Traversal via FileName Parameter
CVSS 6.5
CVE-2020-9029
MEDIUM
Microchip SyncServer S100 2.90.70.3 S200 1.30 S250 1.25 S300 2.65.0 S350 2.80.1 - Path Traversal via FileName Parameter
CVSS 6.5
CVE-2020-8996
MEDIUM
AnyShare Cloud 6.0.9 - Authenticated Path Traversal via Download Endpoint
CVSS 4.3
CVE-2020-8803
CRITICAL
SuiteCRM < 7.11.11 - Path Traversal via add_to_prospect_list
CVSS 9.8
CVE-2020-6768
HIGH
Bosch Video Management System and Viewer < 7.5 - Unauthenticated Path Traversal
CVSS 8.6
CVE-2020-6767
HIGH
Bosch Video Management System and Viewer < 7.5 - Authenticated Path Traversal
CVSS 7.7
CVE-2020-5720
MEDIUM
MikroTik WinBox <3.21 - Path Traversal
CVSS 5.9
CVE-2020-8641
HIGH
Lotus Core CMS 1.0.1 - Path Traversal
CVSS 8.8
CVE-2020-6754
CRITICAL
dotcms < 5.2.4 - Path Traversal and Remote Code Execution via Temporary File Upload
CVSS 9.8
CVE-2020-7966
HIGH
GitLab 11.11.0-12.5.9 - Path Traversal
CVSS 7.5
CVE-2020-5237
HIGH
1UP Oneupuploaderbundle < 1.9.3 - Path Traversal
CVSS 8.8
CVE-2020-8545
HIGH
AIL framework <2.8 - Path Traversal
CVSS 7.5
CVE-2020-8446
MEDIUM
OSSEC-HIDS 2.7-3.5.0 - Path Traversal and Arbitrary File Write via Crafted Syscheck Messages
CVSS 5.5
CVE-2020-3717
MEDIUM
Magento <2.3.3, <2.2.10, <1.14.4.3, <1.9.4.3 - Path Traversal
CVSS 5.3
CVE-2020-8009
HIGH
AVB MOTU <2020-01-22 - Path Traversal
CVSS 7.5
CVE-2020-5221
MEDIUM
uftpd < 2.11 - Unauthenticated Path Traversal and Arbitrary File Write via FTP Commands
CVSS 6.5
CVE-2020-7211
HIGH
libslirp 4.1.0 - Path Traversal via TFTP Directory Traversal
CVSS 7.5
CVE-2020-7246
HIGH
qdPM < 9.1 - Authenticated Remote Code Execution via Profile Photo Path Traversal
CVSS 8.8
CVE-2020-1606
MEDIUM
Juniper Junos OS - Authenticated Path Traversal and Arbitrary File Deletion via J-web
CVSS 5.4
CVE-2020-5513
MEDIUM
Gila CMS 1.11.8 - Path Traversal via /cm/delete Parameter
CVSS 6.8
CVE-2020-5512
MEDIUM
Gila CMS 1.11.8 - Path Traversal via Admin Media Path Parameter
CVSS 6.8
Details
Vulnerabilities: 9,261
Exploit Likelihood: High