CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
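The following is an added illustration, not part of the CWE entry and not code from any product listed on this page. It puts the weakness described above next to one way of closing it: a resolver that decodes the request once, refuses NUL bytes, strips leading separators so an absolute path cannot replace the base directory, normalizes, and then checks containment with commonpath rather than a string-prefix test. A second function re-checks against the real filesystem, because a symlink inside the served directory is invisible to a purely lexical check. BASE_DIR, the payload list, the function names and the temporary-directory symlink scenario are all constructed for this example; it assumes POSIX-style paths and an absolute base directory.

```python
import os
import posixpath
import tempfile
from urllib.parse import unquote

# Constructed example value: the directory the application intends to serve from.
BASE_DIR = "/srv/app/public"


class PathTraversalError(ValueError):
    """Raised when a requested path would resolve outside the restricted directory."""


def resolve_unsafe(base_dir: str, user_path: str) -> str:
    """Vulnerable pattern (CWE-22): decode, join onto base_dir, trust the result.
    normpath collapses '..' upward past base_dir, and join() discards base_dir
    entirely when the input is an absolute path."""
    return posixpath.normpath(posixpath.join(base_dir, unquote(user_path)))


def resolve_lexical(base_dir: str, user_path: str) -> str:
    """Hardened, purely lexical resolution (POSIX separators, absolute base_dir).
    commonpath is used instead of str.startswith so that '/srv/app/public_old/x'
    is not accepted as a child of '/srv/app/public'."""
    decoded = unquote(user_path)          # decode exactly once; double-encoding stays literal
    if "\x00" in decoded:                 # NUL would truncate the name in C-backed APIs
        raise PathTraversalError("NUL byte in requested path")
    relative = decoded.replace("\\", "/").lstrip("/")   # backslashes count as separators
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, relative))
    if posixpath.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"{user_path!r} resolves to {candidate}, outside {base}")
    return candidate


def resolve_on_disk(base_dir: str, user_path: str) -> str:
    """The lexical check cannot see a symlink inside base_dir that points outside
    it, so before opening the file resolve links with realpath and re-check."""
    lexical = resolve_lexical(base_dir, user_path)
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(lexical)
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"{user_path!r} follows a link outside {base}")
    return candidate


def is_rejected(base_dir: str, user_path: str) -> bool:
    """True if the hardened lexical resolver refuses the request."""
    try:
        resolve_lexical(base_dir, user_path)
    except PathTraversalError:
        return True
    return False


# Constructed attacker inputs, each probing one way of leaving the base directory.
PAYLOADS = [
    "css/site.css",                     # legitimate request
    "../../../etc/passwd",              # plain dot-dot segments
    "..%2F..%2F..%2Fetc%2Fpasswd",      # URL-encoded separators
    "%2e%2e/%2e%2e/%2e%2e/etc/passwd",  # URL-encoded dots
    "/etc/passwd",                      # absolute path: join() drops base_dir
    "..\\..\\..\\etc\\passwd",          # backslash separators
    "logo.png\x00.txt",                 # NUL byte truncation
    "%252e%252e/etc/passwd",            # double-encoded: decoded once, stays a literal name
]


def symlink_demo():
    """Constructed on-disk scenario: a link inside the served directory pointing at a
    file outside it. Returns (lexical check passed, realpath check rejected), or None
    where the platform refuses to create symlinks."""
    with tempfile.TemporaryDirectory() as root:
        public = os.path.join(root, "public")
        os.mkdir(public)
        secret = os.path.join(root, "secret.txt")
        with open(secret, "w") as fh:
            fh.write("not for the web\n")
        try:
            os.symlink(secret, os.path.join(public, "link"))
        except (OSError, NotImplementedError):
            return None
        lexical_passed = not is_rejected(public, "link")
        try:
            resolve_on_disk(public, "link")
            realpath_rejected = False
        except PathTraversalError:
            realpath_rejected = True
        return (lexical_passed, realpath_rejected)


if __name__ == "__main__":
    for payload in PAYLOADS:
        unsafe = resolve_unsafe(BASE_DIR, payload)
        hardened = "REJECTED" if is_rejected(BASE_DIR, payload) else resolve_lexical(BASE_DIR, payload)
        print(f"{payload!r:38} unsafe -> {unsafe:32} hardened -> {hardened}")
    print("symlink scenario (lexical passed, realpath rejected):", symlink_demo())
```

Two caveats a practitioner should keep in mind: decoding must happen exactly as many times as the surrounding framework does (decoding a second time here would turn the double-encoded payload back into traversal), and the realpath check is only meaningful if the file is then opened by the path that was checked, otherwise a link can be swapped in between the check and the open.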

9,261 vulnerabilities with CWE-22
CVE-2019-12593 HIGH
IceWarp Mail Server <= 10.4.4 - Local File Inclusion via Webmail Calendar Minimizer
CVSS 7.5
CVE-2019-3397 CRITICAL
Atlassian Bitbucket < 5.13.6 - Path Traversal
CVSS 9.1
CVE-2019-9106 CRITICAL
SAET TEBE Small Firmware WebApp v04.68 - Path Traversal and Local File Inclusion via Menu Parameter
CVSS 9.8
CVE-2019-10038 HIGH
Evernote 7.9 - Arbitrary Program Execution via Local Executable Reference
CVSS 7.8
CVE-2019-9723 HIGH
LogicalDOC CE <8.2.1 - Path Traversal
CVSS 7.1
CVE-2019-12459 MEDIUM
FileRun 2019.05.21 - Directory Listing in Audio Player Plugin
CVSS 5.3
CVE-2019-12458 MEDIUM
FileRun 2019.05.21 - Directory Listing via css/ext-ux
CVSS 5.3
CVE-2019-12457 MEDIUM
FileRun 2019.05.21 - Directory Listing in images/extjs
CVSS 5.3
CVE-2019-9858 HIGH
Horde Groupware Webmail <5.2.22-5.2.17 - RCE
CVSS 8.8
CVE-2019-12314 CRITICAL
Deltek Maconomy 2.2.5 - Path Traversal
CVSS 9.8
CVE-2019-12309 MEDIUM
dotcms < 5.1.0 - Authenticated Path Traversal via Insecure ZIP Archive Extraction
CVSS 4.9
CVE-2019-7106 CRITICAL
Adobe XD <= 16.0 - Path Traversal
CVSS 9.8
CVE-2019-7105 CRITICAL
Adobe XD <= 16.0 - Path Traversal
CVSS 9.8
CVE-2019-11231 CRITICAL
GetSimple CMS < 3.3.15 - Remote Code Execution via Theme Edit File Upload
CVSS 9.8
CVE-2019-12277 CRITICAL
Blogifier < 2.5.5 - Path Traversal via Improper Pathname Restriction
CVSS 9.8
CVE-2019-12173 HIGH
MacDown 0.7.1 - Remote Code Execution via file:\\ URI in HREF Attribute
CVSS 8.8
CVE-2019-12172 HIGH
Typora 0.9.9.21.1 - Remote Code Execution via Modified File URL Syntax in AREA HREF Attribute
CVSS 7.8
CVE-2019-5936 MEDIUM
Cybozu Garoon 4.0.0-4.10.1 - Authenticated Path Traversal via Work Flow Application
CVSS 5.4
CVE-2019-8925 MEDIUM
ManageEngine Netflow Analyzer 7.0.0.2 - Authenticated Path Traversal via CReportPDFServlet
CVSS 4.3
CVE-2019-12138 HIGH
MacDown 0.7.1 - Path Traversal and Arbitrary Program Execution via Shared Note
CVSS 7.8
CVE-2019-12137 HIGH
Typora <0.9.9.24.6 - Path Traversal
CVSS 7.8
CVE-2019-1820 MEDIUM
Cisco Prime Infrastructure - Info Disclosure
CVSS 6.5
CVE-2019-1819 MEDIUM
Cisco Prime Infrastructure - Info Disclosure
CVSS 6.5
CVE-2019-1818 MEDIUM
Cisco Prime Infrastructure - Info Disclosure
CVSS 6.5
CVE-2019-1717 HIGH
Cisco Video Surveillance Manager - Unauthenticated Path Traversal and Arbitrary File Read
CVSS 7.5