CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,261 vulnerabilities with CWE-22
CVE-2020-5840 HIGH
HashBrown CMS <1.3.2 - Path Traversal
CVSS 7.5
CVE-2019-25740 MEDIUM
Joomla com_jsjobs 1.2.6 Arbitrary File Deletion
CVSS 6.5
CVE-2019-25734 MEDIUM
Contact Form by WD 1.13.1 CSRF to Local File Inclusion
CVSS 4.0
CVE-2019-25727 CRITICAL
WordPress Plugin ad manager wd 1.0.11 Arbitrary File Download
CVSS 9.8
CVE-2019-25687 CRITICAL
Pegasus CMS 1.0 Remote Code Execution via extra_fields.php
CVSS 9.8
CVE-2019-25671 HIGH
VA MAX 8.3.4 Remote Code Execution via changeip.php
CVSS 8.8
CVE-2019-25610 MEDIUM
NetNumber Titan Master 7.9.1 Path Traversal via drp
CVSS 6.5
CVE-2019-25579 HIGH
phpTransformer 2016.9 Directory Traversal via jQueryFileUpload
CVSS 7.5
CVE-2019-25577 MEDIUM
SeoToaster Ecommerce 3.0.0 Local File Inclusion via backend_theme
CVSS 5.5
CVE-2019-25574 MEDIUM
Green CMS 2.x Path Traversal Arbitrary File Download
CVSS 6.5
CVE-2019-25480 HIGH
ARMBot - Unauthenticated Arbitrary File Upload and Remote Code Execution via upload.php Path Traversal
CVSS 7.5
CVE-2019-25471 CRITICAL
FileThingie 2.5.7 - Arbitrary File Upload
CVSS 9.8
CVE-2019-25355 HIGH
gSOAP 2.8 - Unauthenticated Path Traversal via HTTP GET Request
CVSS 7.5
CVE-2019-25352 HIGH
Crystal Live HTTP Server 6.01 - Path Traversal
CVSS 7.5
CVE-2019-25333 HIGH
Bullwark Momentum Series JAWS 1.0 - Path Traversal
CVSS 7.5
CVE-2019-25295 MEDIUM
WP Cost Estimation <9.660 - Path Traversal
CVSS 6.5
CVE-2019-25258 HIGH
LogicalDOC Enterprise 7.7.4 - Info Disclosure
CVSS 7.5
CVE-2019-25256 MEDIUM
VideoFlow Digital Video Protection DVP 2.10 - Path Traversal
CVSS 6.5
CVE-2019-25246 HIGH
Beward N100 H.264 VGA IP Camera M2.1.6 - Info Disclosure
CVSS 8.8
CVE-2019-25213 CRITICAL
WordPress Advanced Access Manager <5.9.8.1 - Info Disclosure
CVSS 9.8
CVE-2019-25053 HIGH
Sage FRP 1000 < 2019-11 - Unauthenticated Path Traversal via Crafted URL
CVSS 7.5
CVE-2019-25099 MEDIUM
Arthmoor QSF-Portal - Path Traversal
CVSS 5.5
CVE-2019-25098 MEDIUM
soerennb eXtplorer <2.1.12 - Path Traversal
CVSS 5.5
CVE-2019-25097 MEDIUM
soerennb eXtplorer <2.1.12 - Path Traversal
CVSS 5.5
CVE-2019-25073 HIGH
github.com/goadesign/goa <v3.0.9,v2.0.10,v1.4.3 - Info Disclosure
CVSS 7.5