CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,261 vulnerabilities with CWE-22
CVE-2019-19790 CRITICAL
Telerik UI for ASP.NET AJAX RadChart - Path Traversal and Arbitrary File Read/Delete via Image Handler
CVSS 9.8
CVE-2019-5251 MEDIUM
Huawei Smartphone Firmware - Path Traversal via Malicious Application Backup
CVSS 5.5
CVE-2019-16777 HIGH
npm < 6.13.4 - Arbitrary File Overwrite via Global Binary Installation
CVSS 7.7
CVE-2019-16776 HIGH
npm < 6.13.3 - Arbitrary File Write via package.json bin Field
CVSS 7.7
CVE-2019-18338 HIGH
SINVR 3 Central Control Server < V1.5.0 - Authenticated Path Traversal via XML Communication Protocol
CVSS 7.7
CVE-2019-13944 MEDIUM
Siemens EN100 Ethernet Module - Unauthenticated Path Traversal via Web Server
CVSS 5.3
CVE-2019-16246 CRITICAL
Intesync Solismed 3.3sp1 - Unauthenticated Local File Inclusion and Remote Code Execution
CVSS 9.8
CVE-2019-15931 CRITICAL
Intesync Solismed 3.3sp - Path Traversal
CVSS 9.8
CVE-2019-19374 CRITICAL
Squiz Matrix CMS <5.5.0.3-5.5.3.3 - Info Disclosure
CVSS 9.1
CVE-2019-19683 CRITICAL
nopCommerce 4.2.0 - Path Traversal via RoxyFileman ProcessRequest
CVSS 9.1
CVE-2019-14251 HIGH
Temenos Channels R15.01 - Path Traversal
CVSS 7.5
CVE-2019-7195 CRITICAL KEV
QNAP Photo Station - Path Traversal
CVSS 9.8
CVE-2019-7194 CRITICAL KEV
QNAP Photo Station - Path Traversal
CVSS 9.8
CVE-2019-19229 MEDIUM
Fronius Solar Inverter <3.14.1 - Path Traversal
CVSS 6.5
CVE-2019-19459 CRITICAL
SALTO ProAccess SPACE 5.4.3.0 - Code Injection
CVSS 9.8
CVE-2019-19458 HIGH
SALTO ProAccess SPACE <5.4.3.0 - Path Traversal
CVSS 8.6
CVE-2019-18922 HIGH
Allied Telesis AT-GS950/8 - Path Traversal
CVSS 7.5
CVE-2019-19372 HIGH
rConfig < 3.9.3 - Path Traversal via downloadFile.php
CVSS 7.5
CVE-2019-18253 CRITICAL
Relion 670 Series < 1p1r26 - Path Traversal via Specially Crafted Paths
CVSS 10.0
CVE-2019-10220 HIGH
Linux kernel <4.9.0 - Path Traversal
CVSS 8.8
CVE-2019-16765 HIGH
Microsoft CodeQL < 1.0.1 - Arbitrary Code Execution via Workspace Directory Traversal
CVSS 7.4
CVE-2019-17406 MEDIUM
Nokia IMPACT < 18a - Path Traversal
CVSS 5.3
CVE-2019-17404 MEDIUM
Nokia IMPACT < 18a - Path Traversal
CVSS 4.3
CVE-2019-13157 HIGH
Naver Vaccine 2.1.4 - Path Traversal and Arbitrary File Write via nsz Archive Filename
CVSS 7.5
CVE-2019-16758 HIGH
Lexmark Services Monitor <2.27.4.0.39 - Path Traversal
CVSS 7.5