CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,261 vulnerabilities with CWE-22
CVE-2019-17175
HIGH
joyplus-cms 1.6.0 - Path Traversal via manager/admin_pic.php rootpath Parameter
CVSS 7.5
CVE-2019-16198
MEDIUM
KSLabs KSWEB <3.93 - Path Traversal
CVSS 6.5
CVE-2019-12691
MEDIUM
Cisco Secure Firewall Management Center < 6.2.3 - Authenticated Path Traversal via Web Management Interface
CVSS 4.9
CVE-2019-13343
HIGH
Butor Portal < 1.0.27 - Path Traversal & Arbitrary File Download via WhiteLabelingServlet
CVSS 7.5
CVE-2019-8291
HIGH
Online Store System v1.0 - Unauthenticated Path Traversal via delete_file.php
CVSS 7.5
CVE-2019-17073
MEDIUM
emlog <= 6.0.0beta - Authenticated Path Traversal and Arbitrary File Deletion via Template Deletion Endpoint
CVSS 6.5
CVE-2019-7618
MEDIUM
Elastic Code <7.3.2 - Info Disclosure
CVSS 6.5
CVE-2019-15039
CRITICAL
JetBrains TeamCity 2018.2.4 - Remote Code Execution
CVSS 9.8
CVE-2019-4423
MEDIUM
IBM Sterling File Gateway <6.0.1.0 - Path Traversal
CVSS 5.3
CVE-2019-9281
HIGH
GoogleContactsSyncAdapter < Android-10 - Path Traversal
CVSS 7.5
CVE-2019-8074
CRITICAL
ColdFusion 2018 update 4 and earlier, ColdFusion 2016 update 11 and earlier - Path Traversal
CVSS 9.8
CVE-2019-16902
HIGH
ARforms 3.7.1 - Unauthenticated Arbitrary File Deletion via arf_delete_file
CVSS 7.5
CVE-2019-16915
CRITICAL
pfSense < 2.4.4 - Path Traversal via Unsanitized widgetkey Parameter
CVSS 9.8
CVE-2019-16903
MEDIUM
Platinum UPnP SDK 1.2.0 - Path Traversal via Incorrect Path Sanitization
CVSS 5.3
CVE-2019-12666
MEDIUM
Cisco IOS XE 16.4-16.6.4 - Authenticated Path Traversal via Guest Shell Commands
CVSS 6.7
CVE-2019-16868
CRITICAL
emlog <= 6.0.0beta - Arbitrary File Deletion via bak[] Parameter
CVSS 9.8
CVE-2019-16867
MEDIUM
HongCMS 3.0.0 - Unauthenticated Arbitrary File Deletion via Database AJAX Endpoint
CVSS 6.5
CVE-2019-13063
HIGH
Sahi Pro 8.0.0 - Path Traversal and File Inclusion via Script Parameter
CVSS 7.5
CVE-2019-16680
MEDIUM
GNOME file-roller <3.29.91 - Path Traversal
CVSS 4.3
CVE-2019-16679
MEDIUM
Gila CMS < 1.11.1 - Path Traversal and Local File Inclusion via Admin File Manager
CVSS 4.9
CVE-2019-11327
MEDIUM
Topcon Positioning Net-G5 <5.2.2 - Local File Inclusion
CVSS 4.9
CVE-2019-14914
CRITICAL
PRiSE adAS 1.7.0 - Path Traversal and Arbitrary File Read/Deletion via Metadata Deletion Method
CVSS 9.1
CVE-2019-16511
MEDIUM
FireGiant WiX Toolset <3.11.2 - Path Traversal
CVSS 5.5
CVE-2019-14994
HIGH
Atlassian Jira Service Desk Path Traversal via Customer Context Filter
CVSS 7.5
CVE-2019-4442
MEDIUM
IBM WebSphere Application Server <9 - Path Traversal
CVSS 4.3
Details
Vulnerabilities: 9,261
Exploit Likelihood: High