CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,261 vulnerabilities with CWE-22
CVE             Severity  CVSS  Summary
CVE-2019-17175  HIGH      7.5   joyplus-cms 1.6.0 - Path Traversal via manager/admin_pic.php rootpath Parameter
CVE-2019-16198  MEDIUM    6.5   KSLabs KSWEB <3.93 - Path Traversal
CVE-2019-12691  MEDIUM    4.9   Cisco Secure Firewall Management Center < 6.2.3 - Authenticated Path Traversal via Web Management Interface
CVE-2019-13343  HIGH      7.5   Butor Portal < 1.0.27 - Path Traversal & Arbitrary File Download via WhiteLabelingServlet
CVE-2019-8291   HIGH      7.5   Online Store System v1.0 - Unauthenticated Path Traversal via delete_file.php
CVE-2019-17073  MEDIUM    6.5   emlog <= 6.0.0beta - Authenticated Path Traversal and Arbitrary File Deletion via Template Deletion Endpoint
CVE-2019-7618   MEDIUM    6.5   Elastic Code <7.3.2 - Info Disclosure
CVE-2019-15039  CRITICAL  9.8   JetBrains TeamCity 2018.2.4 - Remote Code Execution
CVE-2019-4423   MEDIUM    5.3   IBM Sterling File Gateway <6.0.1.0 - Path Traversal
CVE-2019-9281   HIGH      7.5   GoogleContactsSyncAdapter < Android-10 - Path Traversal
CVE-2019-8074   CRITICAL  9.8   ColdFusion 2018 update 4 and earlier, ColdFusion 2016 update 11 and earlier - Path Traversal
CVE-2019-16902  HIGH      7.5   ARforms 3.7.1 - Unauthenticated Arbitrary File Deletion via arf_delete_file
CVE-2019-16915  CRITICAL  9.8   pfSense < 2.4.4 - Path Traversal via Unsanitized widgetkey Parameter
CVE-2019-16903  MEDIUM    5.3   Platinum UPnP SDK 1.2.0 - Path Traversal via Incorrect Path Sanitization
CVE-2019-12666  MEDIUM    6.7   Cisco IOS XE 16.4-16.6.4 - Authenticated Path Traversal via Guest Shell Commands
CVE-2019-16868  CRITICAL  9.8   emlog <= 6.0.0beta - Arbitrary File Deletion via bak[] Parameter
CVE-2019-16867  MEDIUM    6.5   HongCMS 3.0.0 - Unauthenticated Arbitrary File Deletion via Database AJAX Endpoint
CVE-2019-13063  HIGH      7.5   Sahi Pro 8.0.0 - Path Traversal and File Inclusion via Script Parameter
CVE-2019-16680  MEDIUM    4.3   GNOME file-roller <3.29.91 - Path Traversal
CVE-2019-16679  MEDIUM    4.9   Gila CMS < 1.11.1 - Path Traversal and Local File Inclusion via Admin File Manager
CVE-2019-11327  MEDIUM    4.9   Topcon Positioning Net-G5 <5.2.2 - Local File Inclusion
CVE-2019-14914  CRITICAL  9.1   PRiSE adAS 1.7.0 - Path Traversal and Arbitrary File Read/Deletion via Metadata Deletion Method
CVE-2019-16511  MEDIUM    5.5   FireGiant WiX Toolset <3.11.2 - Path Traversal
CVE-2019-14994  HIGH      7.5   Atlassian Jira Service Desk - Path Traversal via Customer Context Filter
CVE-2019-4442   MEDIUM    4.3   IBM WebSphere Application Server <9 - Path Traversal