CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,261 vulnerabilities with CWE-22
CVE-2020-5840
HIGH
HashBrown CMS <1.3.2 - Path Traversal
CVSS 7.5
CVE-2019-25740
MEDIUM
Joomla com_jsjobs 1.2.6 Arbitrary File Deletion
CVSS 6.5
CVE-2019-25734
MEDIUM
Contact Form by WD 1.13.1 CSRF to Local File Inclusion
CVSS 4.0
CVE-2019-25727
CRITICAL
WordPress Plugin ad manager wd 1.0.11 Arbitrary File Download
CVSS 9.8
CVE-2019-25687
CRITICAL
Pegasus CMS 1.0 Remote Code Execution via extra_fields.php
CVSS 9.8
CVE-2019-25671
HIGH
VA MAX 8.3.4 Remote Code Execution via changeip.php
CVSS 8.8
CVE-2019-25610
MEDIUM
NetNumber Titan Master 7.9.1 Path Traversal via drp
CVSS 6.5
CVE-2019-25579
HIGH
phpTransformer 2016.9 Directory Traversal via jQueryFileUpload
CVSS 7.5
CVE-2019-25577
MEDIUM
SeoToaster Ecommerce 3.0.0 Local File Inclusion via backend_theme
CVSS 5.5
CVE-2019-25574
MEDIUM
Green CMS 2.x Path Traversal Arbitrary File Download
CVSS 6.5
CVE-2019-25480
HIGH
ARMBot - Unauthenticated Arbitrary File Upload and Remote Code Execution via upload.php Path Traversal
CVSS 7.5
CVE-2019-25471
CRITICAL
FileThingie 2.5.7 - Arbitrary File Upload
CVSS 9.8
CVE-2019-25355
HIGH
gSOAP 2.8 - Unauthenticated Path Traversal via HTTP GET Request
CVSS 7.5
CVE-2019-25352
HIGH
Crystal Live HTTP Server 6.01 - Path Traversal
CVSS 7.5
CVE-2019-25333
HIGH
Bullwark Momentum Series JAWS 1.0 - Path Traversal
CVSS 7.5
CVE-2019-25295
MEDIUM
WP Cost Estimation <9.660 - Path Traversal
CVSS 6.5
CVE-2019-25258
HIGH
LogicalDOC Enterprise 7.7.4 - Info Disclosure
CVSS 7.5
CVE-2019-25256
MEDIUM
VideoFlow Digital Video Protection DVP 2.10 - Path Traversal
CVSS 6.5
CVE-2019-25246
HIGH
Beward N100 H.264 VGA IP Camera M2.1.6 - Info Disclosure
CVSS 8.8
CVE-2019-25213
CRITICAL
WordPress Advanced Access Manager <5.9.8.1 - Info Disclosure
CVSS 9.8
CVE-2019-25053
HIGH
Sage FRP 1000 < 2019-11 - Unauthenticated Path Traversal via Crafted URL
CVSS 7.5
CVE-2019-25099
MEDIUM
Arthmoor QSF-Portal - Path Traversal
CVSS 5.5
CVE-2019-25098
MEDIUM
soerennb eXtplorer <2.1.12 - Path Traversal
CVSS 5.5
CVE-2019-25097
MEDIUM
soerennb eXtplorer <2.1.12 - Path Traversal
CVSS 5.5
CVE-2019-25073
HIGH
github.com/goadesign/goa <v3.0.9,v2.0.10,v1.4.3 - Info Disclosure
CVSS 7.5
Details
Vulnerabilities: 9,261
Exploit Likelihood: High