CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,261 vulnerabilities with CWE-22
CVE-2019-1010151 CRITICAL
zzcms zzmcms < 8.3 - Path Traversal and Arbitrary File Deletion via ppsave.php
CVSS 9.8
CVE-2019-13584 MEDIUM
FANUC Robotics Virtual Robot Controller <8.23 - Path Traversal
CVSS 5.3
CVE-2019-10352 MEDIUM
Jenkins < 2.176.1, < 2.185 - Authenticated Arbitrary File Write via File Parameter
CVSS 6.5
CVE-2019-4430 HIGH
IBM Maximo Asset Management 7.6 - Path Traversal
CVSS 7.5
CVE-2019-13623 HIGH
NSA Ghidra < 9.1 - Path Traversal and Arbitrary File Write via Archive Filename
CVSS 7.8
CVE-2019-12990 CRITICAL
Citrix SD-WAN 10.2.x < 10.2.3 and NetScaler SD-WAN 10.0.x < 10.0.8 - Path Traversal
CVSS 9.8
CVE-2019-0887 HIGH
Remote Desktop Client < 1.2.2691 - Authenticated Remote Code Execution via Clipboard Redirection
CVSS 8.0
CVE-2019-5447 MEDIUM
http-file-server <= 0.2.6 - Path Traversal
CVSS 5.3
CVE-2019-3415 MEDIUM
ZTE ZXMW NR8000 Firmware V2.4.4.03 and V2.4.4.04 - Path Traversal
CVSS 5.7
CVE-2019-9886 HIGH
BroadLearning eClass <ip.2.5.10.2.1 - Info Disclosure
CVSS 7.5
CVE-2019-5444 MEDIUM
serve-here.js <v1.1.3 - Path Traversal
CVSS 5.3
CVE-2019-5221 MEDIUM
Huawei Mate 20 X Firmware < Ever-L29B 9.1.0.300(C636E3R2P1) - Path Traversal via Huawei Share File Transfer
CVSS 6.5
CVE-2019-13396 MEDIUM
FlightPath 4.x-5.0.x - Path Traversal and Local File Inclusion via form_include Parameter
CVSS 5.3
CVE-2019-12925 HIGH
MailEnable 6.0-<6.90 - Authenticated Path Traversal and Arbitrary File Manipulation
CVSS 8.1
CVE-2019-13241 HIGH
FlightCrew < 0.9.2 - Path Traversal and Arbitrary File Write via ZIP Archive Extraction
CVSS 7.8
CVE-2019-10717 HIGH
BlogEngine.NET 3.3.7.0 - Path Traversal via File Manager API Path Parameter
CVSS 7.1
CVE-2019-10137 HIGH
spacewalk-proxy <2.9 - Info Disclosure
CVSS 8.1
CVE-2019-7254 HIGH
Linear eMerge E3-Series - Path Traversal
CVSS 7.5
CVE-2019-7253 CRITICAL
Linear eMerge E3-Series - Path Traversal
CVSS 9.8
CVE-2019-7267 CRITICAL
Linear eMerge 50P/5000P - Path Traversal
CVSS 9.8
CVE-2019-11826 HIGH
Synology Moments <1.3.0-0691 - Path Traversal
CVSS 8.0
CVE-2019-11822 MEDIUM
Synology Photo Station <6.8.11-3489, <6.3-2977 - Path Traversal
CVSS 4.3
CVE-2019-10985 CRITICAL
Advantech WebAccess < 8.3.5 - Path Traversal via Improper Path Validation
CVSS 9.1
CVE-2019-3632 HIGH
McAfee Enterprise Security Manager < 10.4.0 - Authenticated Path Traversal
CVSS 8.8
CVE-2019-7227 HIGH
ABB PB610 Panel Builder 600 Firmware 1.91-2.8.0.367 - Authenticated Path Traversal via CWD Command
CVSS 7.3