CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,261 vulnerabilities with CWE-22
CVE-2019-18212 MEDIUM
XML Language Server < 0.9.1 - Path Traversal and Arbitrary File Write
CVSS 6.5
CVE-2019-8238 HIGH
Adobe Acrobat and Reader DC - Path Traversal
CVSS 7.5
CVE-2019-18371 HIGH
Millet Router 3G Firmware < 2.28.23 - Unauthenticated Path Traversal via NGINX Alias Misconfiguration
CVSS 7.5
CVE-2019-16986 MEDIUM
FusionPBX < 4.5.7 - Path Traversal via Unsanitized Download Parameter
CVSS 6.5
CVE-2019-16985 MEDIUM
FusionPBX < 4.5.7 - Unauthenticated Path Traversal and Arbitrary File Deletion via xml_cdr_delete.php
CVSS 6.5
CVE-2019-16990 MEDIUM
FusionPBX < 4.5.7 - Path Traversal via Unsanitized File Parameter in music_on_hold.php
CVSS 6.5
CVE-2019-14424 MEDIUM
CUx-Daemon 1.11a - Local File Inclusion
CVSS 6.5
CVE-2019-15266 MEDIUM
Cisco Wireless LAN Controller Software < 8.10 - Authenticated Path Traversal via CLI Filename Parameter
CVSS 4.4
CVE-2019-12704 MEDIUM
Cisco SPA100 Series Firmware - Authenticated Arbitrary File Read via Web Interface
CVSS 6.5
CVE-2019-17662 CRITICAL
ThinVNC 1.0b1 - Path Traversal and Arbitrary File Read via ThinVnc.ini
CVSS 9.8
CVE-2019-16279 HIGH
nostromo nhttpd < 1.9.6 - Denial of Service via SSL_accept Memory Error
CVSS 7.5
CVE-2019-16278 CRITICAL KEV
nostromo_nhttpd <= 1.9.6 - Remote Code Execution via Directory Traversal in http_verify
CVSS 9.8
CVE-2019-17538 HIGH
Jiangnan Online Judge 0.8.0 - Path Traversal via Problem View File Endpoint
CVSS 7.5
CVE-2019-17537 HIGH
Jiangnan Online Judge 0.8.0 - Path Traversal via File Deletion Endpoint
CVSS 7.5
CVE-2019-17109 MEDIUM
koji < 1.18.0 - Path Traversal and Privilege Escalation
CVSS 6.5
CVE-2019-0074 MEDIUM
Juniper Junos OS - Authenticated Path Traversal in NFX150, QFX10K, EX9200, MX, and PTX Series with NG-RE
CVSS 5.5
CVE-2019-17399 CRITICAL
Shack Forms Pro < 4.0.32 - Path Traversal via File Attachment
CVSS 9.8
CVE-2019-17187 HIGH
FiberHome HG2201T 1.00.M5007_JS_201804 - Unauthenticated Path Traversal via downloadfile.cgi
CVSS 7.5
CVE-2019-14657 HIGH
Yealink phones <2019-08-04 - RCE
CVSS 8.8
CVE-2019-17314 HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated Path Traversal in Configurator Module
CVSS 7.2
CVE-2019-17313 HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated Path Traversal in Studio Module
CVSS 8.8
CVE-2019-17312 HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated Path Traversal via File Function
CVSS 8.8
CVE-2019-17311 HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated Path Traversal via Attachment Function
CVSS 8.8
CVE-2019-17199 HIGH
WPO WebPageTest 19.04 - Path Traversal via Unanchored Regular Expression
CVSS 7.5
CVE-2019-17180 HIGH
Valve Steam Client < 2019-09-12 - Path Traversal and Arbitrary File Write
CVSS 7.8