CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,261 vulnerabilities with CWE-22
CVE-2019-14768 HIGH
DIMO YellowBox CRM < 6.3.4 - Arbitrary File Upload & RCE via Path Traversal
CVSS 8.8
CVE-2019-14767 HIGH
DIMO YellowBox CRM < 6.3.4 - Unauthenticated Path Traversal via images/Apparence and servletrecuperefichier
CVSS 7.5
CVE-2019-14766 MEDIUM
DIMO YellowBox CRM < 6.3.4 - Authenticated Path Traversal in File Browser
CVSS 6.5
CVE-2019-15855 CRITICAL
Maarch RM < 2.5 - Unauthenticated Path Traversal and Denial of Service via Crafted POST Request
CVSS 9.1
CVE-2019-10934 HIGH
TIA Portal V14-V17 - Authenticated Arbitrary Code Execution via Configuration File Manipulation
CVSS 7.8
CVE-2019-15982 HIGH
Cisco Data Center Network Manager < 11.3(1) - Authenticated Path Traversal via REST and SOAP API Endpoints
CVSS 7.2
CVE-2019-15981 HIGH
Cisco Data Center Network Manager < 11.3(1) - Authenticated Path Traversal via REST and SOAP API
CVSS 7.2
CVE-2019-15980 HIGH
Cisco Data Center Network Manager < 11.3(1) - Authenticated Path Traversal via REST and SOAP API Endpoints
CVSS 7.2
CVE-2019-20354 MEDIUM
piSignage < 2.6.4 - Authenticated Path Traversal via Log Download API
CVSS 4.3
CVE-2019-19628 CRITICAL
GitLab EE <12.5.3, <12.4.5, <12.3.8 - Privilege Escalation & RCE
CVSS 9.8
CVE-2019-11994 CRITICAL
HPE SimpliVity - Unauthenticated Path Traversal and Remote Command Execution via Upgrade API
CVSS 9.8
CVE-2019-19088 CRITICAL
GitLab 11.3.0-12.4.2 - Path Traversal
CVSS 9.8
CVE-2019-7751 HIGH
Ricoh MarcomCentral - Path Traversal
CVSS 7.5
CVE-2019-20085 HIGH KEV
TVT NVMS-1000 Firmware - Path Traversal via GET Request
CVSS 7.5
CVE-2019-19781 CRITICAL KEV
Citrix ADC (NetScaler) Directory Traversal Scanner
CVSS 9.8
CVE-2019-6022 MEDIUM
Cybozu Office 10.0.0-10.8.3 - Authenticated Path Traversal via Customapp Function
CVSS 6.5
CVE-2019-19141 HIGH
Plex Media Server <1.18.2.2029 - RCE
CVSS 8.8
CVE-2019-7483 HIGH KEV
SonicWall SMA 100 Firmware < 9.0.0.4 - Unauthenticated Path Traversal via handleWAFRedirect CGI
CVSS 7.5
CVE-2019-15600 HIGH
http_server - Path Traversal
CVSS 7.5
CVE-2019-15596 HIGH
statics-server < 0.0.9 - Path Traversal via Symlink
CVSS 7.5
CVE-2019-7289 MEDIUM
Shortcuts < 2.1.3 - Unprotected User Data Exposure via Path Handling Issue
CVSS 5.5
CVE-2019-19845 MEDIUM
Joomla! 3.8.0-3.9.13 - Path Traversal in Logger Class
CVSS 5.3
CVE-2019-19848 HIGH
TYPO3 < 8.7.30, 9.x < 9.5.12, 10.x < 10.2.2 - Authenticated Path Traversal via Extension Manager ZIP Extraction
CVSS 7.2
CVE-2019-19264 HIGH
Simplifile RecordFusion <2019-11-25 - Path Traversal
CVSS 7.5
CVE-2019-19731 HIGH
Roxy Fileman 1.4.5 - Path Traversal
CVSS 7.5