CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,261 vulnerabilities with CWE-22
CVE-2019-4268 MEDIUM
IBM WebSphere Application Server - Path Traversal
CVSS 5.3
CVE-2019-0207 HIGH
Apache Tapestry 5.4.0-5.4.4 and tapestry-core 5.4.0-5.4.5 - Path Traversal via Backslash Character
CVSS 7.5
CVE-2019-5484 HIGH
bower < 1.8.8 - Path Traversal and Arbitrary File Write via Install Command
CVSS 7.5
CVE-2019-13532 HIGH
CODESYS V3 <3.5.14.10 - Path Traversal
CVSS 7.5
CVE-2019-5956 MEDIUM
WonderCMS < 2.6.0 - Path Traversal and Arbitrary File Deletion
CVSS 6.5
CVE-2019-1142 MEDIUM
.NET Framework - Privilege Escalation
CVSS 5.5
CVE-2019-6783 HIGH
GitLab < 11.5.8, 11.6.x < 11.6.6, 11.7.x < 11.7.1 - Path Traversal and Remote Code Execution via GitLab Pages
CVSS 8.8
CVE-2019-12464 HIGH
LibreNMS < 1.53 - Authenticated Path Traversal and Local File Inclusion via PDF Report Parameter
CVSS 7.5
CVE-2019-16132 MEDIUM
OKLite 1.2.25 - Path Traversal and Arbitrary File Deletion via TPL Control
CVSS 6.5
CVE-2019-16123 HIGH
Kartatopia PilusCart <1.4.1 - Info Disclosure
CVSS 7.5
CVE-2019-16113 HIGH
Bludit 3.9.2 - Remote Code Execution via Image Upload Path Traversal
CVSS 8.8
CVE-2019-16105 MEDIUM
Silver Peak EdgeConnect <8.1.7.x - Path Traversal
CVSS 4.9
CVE-2019-9854 HIGH
LibreOffice 6.2.0-6.2.6 - Path Traversal via URL Encoding Bypass
CVSS 7.8
CVE-2019-15952 HIGH
Total.js CMS 12.0.0 - Path Traversal
CVSS 8.8
CVE-2019-5480 MEDIUM
statichttpserver <= 0.9.7 - Path Traversal
CVSS 5.3
CVE-2019-10197 MEDIUM
Samba <4.9.13-4.11.0rc3 - Path Traversal
CVSS 6.5
CVE-2019-15839 HIGH
Sina-Extension-For-Elementor <2.2.1 - Local File Inclusion
CVSS 7.5
CVE-2019-15630 HIGH
MuleSoft API Gateway and Mule Runtime - Directory Traversal in APIkit, HTTP Connector, and OAuth2 Provider
CVSS 7.5
CVE-2019-15822 CRITICAL
wps-child-theme-generator <1.2 - Path Traversal
CVSS 9.8
CVE-2019-6113 HIGH
ONKYO TX-NR686 1030-5000-1040-0010 - Path Traversal via Default URI
CVSS 7.5
CVE-2019-3394 HIGH
Confluence 6.1.0-6.6.15, 6.7.0-6.13.6, 6.14.0-6.15.7 - Authenticated Local File Disclosure via Page Export
CVSS 8.8
CVE-2019-13408 HIGH
Advan VD-1 Firmware < 230 - Unauthenticated Path Traversal via ExportSettings.cgi Download Parameter
CVSS 7.5
CVE-2019-11249 MEDIUM
Kubernetes < 1.12.10, 1.13.0-1.13.8, 1.14.0-1.14.4, 1.15.0-1.15.1 - Path Traversal via kubectl cp
CVSS 6.5
CVE-2019-11246 MEDIUM
Kubernetes < 1.12.10 - Path Traversal via kubectl cp Command
CVSS 6.5
CVE-2019-15714 MEDIUM
entropic < 2019-06-13 - Path Traversal via Command Name
CVSS 5.3