CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,261 vulnerabilities with CWE-22
CVE-2019-15648 (MEDIUM, CVSS 6.5) - insert-or-embed-articulate-content-into-wordpress < 4.29991 - Unauthenticated Path Traversal
CVE-2019-13237 (MEDIUM, CVSS 4.3) - Alkacon OpenCms 10.5.4-10.5.5 - Local File Inclusion via Multiple Admin Endpoints
CVE-2019-15055 (MEDIUM, CVSS 6.5) - MikroTik RouterOS <= 6.44.5 and 6.45.x <= 6.45.3 - Authenticated Arbitrary File Deletion via Disk Name Handling
CVE-2019-11654 (HIGH, CVSS 7.5) - Micro Focus Verastream Host Integrator < 7.7 SP2 - Path Traversal
CVE-2019-15520 (MEDIUM, CVSS 5.3) - comelz Quark < 2019-03-26 - Path Traversal
CVE-2019-15519 (CRITICAL, CVSS 9.8) - Power-Response < 2019-02-02 - Path Traversal via Plugin
CVE-2019-15518 (MEDIUM, CVSS 5.3) - swoole < 4.2.13 - Path Traversal in swPort_http_static_handler
CVE-2019-15517 (MEDIUM, CVSS 5.5) - jc21 Nginx Proxy Manager < 2.0.13 - Path Traversal via URL-Encoded Dot-Slash Sequences
CVE-2019-15516 (HIGH, CVSS 7.5) - Cuberite < 2019-06-11 - Path Traversal via Webadmin ....// Bypass
CVE-2019-15326 (HIGH, CVSS 7.5) - import_users_from_csv_with_meta < 1.14.2.1 - Path Traversal
CVE-2019-14751 (HIGH, CVSS 7.5) - nltk < 3.4.5 - Arbitrary File Write via Directory Traversal in Package Extraction
CVE-2019-11029 (HIGH, CVSS 7.5) - Mirasys VMS < 7.6.1 and 8.x < 8.3.2 - Unauthenticated Path Traversal via AutoUpdateService Download Method
CVE-2019-11013 (MEDIUM, CVSS 6.5) - Nimble Streamer 3.0.2-2-3.5.4-9 - Path Traversal
CVE-2019-15323 (HIGH, CVSS 7.5) - Ad Inserter < 2.4.20 - Path Traversal
CVE-2019-11603 (HIGH, CVSS 7.5) - ProSyst mBS SDK < 8.2.6 - Path Traversal
CVE-2019-11601 (HIGH, CVSS 7.5) - Bosch IoT Gateway < 9.2.0 & ProSyst mBS SDK < 8.2.6 - Path Traversal & Arbitrary File Write
CVE-2019-4460 (HIGH, CVSS 7.5) - IBM API Connect < 5.0.8.6 - Path Traversal
CVE-2019-3967 (MEDIUM, CVSS 6.5) - OpenEMR < 5.0.1 - Authenticated Path Traversal via Patient File Download Interface
CVE-2019-9852 (HIGH, CVSS 7.8) - LibreOffice - Code Injection
CVE-2019-12791 (HIGH, CVSS 8.8) - Vesta Control Panel 0.9.8-24 - Path Traversal and Privilege Escalation via Password Reset Form
CVE-2019-14788 (HIGH, CVSS 8.8) - Tribulant Newsletters < 4.6.19 - Path Traversal and Remote Code Execution via Export Subscribers Parameter
CVE-2019-12479 (CRITICAL, CVSS 9.1) - TwentyTwenty.Storage 2.11.0 - Path Traversal in LocalStorageProvider
CVE-2019-14530 (HIGH, CVSS 8.8) - OpenEMR < 5.0.2 - Path Traversal and Arbitrary File Deletion via fileName Parameter
CVE-2019-3744 (HIGH, CVSS 7.8) - Dell/Alienware Digital Delivery < 3.5.2013 - Privilege Escalation via Race Condition
CVE-2019-14798 (MEDIUM, CVSS 4.9) - 10Web Photo Gallery < 1.5.25 - Authenticated Local File Inclusion via Shortcode Tagtext Parameter