CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,264 vulnerabilities with CWE-22
CVE-2019-11607
HIGH
doorgets_cms 7.0 - Unauthenticated Sensitive Information Disclosure via copydir.php
CVSS 7.5
CVE-2019-11606
HIGH
doorgets_cms 7.0 - Unauthenticated Sensitive Information Disclosure via copyfile.php
CVSS 7.5
CVE-2019-5624
HIGH
Rapid7 Metasploit < 4.14.0 - Path Traversal and Arbitrary Code Execution via Zip Import Function
CVSS 7.3
CVE-2019-11591
HIGH
WebDorado Contact Form <1.13.5 - CSRF
CVSS 8.8
CVE-2019-11590
HIGH
10Web Form Maker < 1.13.5 - Cross-Site Request Forgery and Local File Inclusion via Admin-Ajax Action Parameter
CVSS 8.8
CVE-2019-11557
HIGH
WebDorado Contact Form Builder <1.0.69 - CSRF
CVSS 8.8
CVE-2019-3720
MEDIUM
Dell EMC Open Manage System Administrator < 9.3.0 - Authenticated Path Traversal via Insufficient Input Sanitization
CVSS 4.9
CVE-2019-11515
MEDIUM
Gila CMS 1.10.1 - Authenticated Path Traversal via db_backup Download Parameter
CVSS 4.9
CVE-2019-7213
MEDIUM
SmarterTools SmarterMail <16.x-6985 - Path Traversal
CVSS 6.5
CVE-2019-3902
MEDIUM
Mercurial < 4.9 - Path Traversal via Symlinks and Subrepositories
CVSS 5.1
CVE-2019-11378
HIGH
ProjectSend <r1053 - Path Traversal
CVSS 8.8
CVE-2019-9005
MEDIUM
Cprime Power Scripts < 4.0.14 - Path Traversal
CVSS 6.5
CVE-2019-3398
HIGH
KEV
Confluence Server 6.15.1 - Path Traversal and Remote Code Execution
CVSS 8.8
CVE-2019-1835
MEDIUM
Cisco Aironet Access Point Firmware 8.8-8.9 - Authenticated Path Traversal via CLI Commands
CVSS 4.4
CVE-2019-9222
HIGH
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Path Traversal
CVSS 8.1
CVE-2019-4178
MEDIUM
IBM Cognos Analytics 11.0.0.0-11.0.12.9 - Path Traversal and Arbitrary File Write
CVSS 6.4
CVE-2019-3943
HIGH
MikroTik RouterOS < 6.42.12, < 6.43.12, < 6.44beta75 - Authenticated Path Traversal via HTTP or Winbox Interface
CVSS 8.1
CVE-2019-10945
CRITICAL
Joomla! < 3.9.4 - Path Traversal via Media Manager Folder Parameter
CVSS 9.8
CVE-2019-3880
MEDIUM
Samba 3.2.0-4.8.10 - Unauthenticated Path Traversal via Registry RPC Endpoint
CVSS 5.4
CVE-2019-10242
MEDIUM
Eclipse Kura < 4.0.0 - Path Traversal via SkinServlet
CVSS 5.3
CVE-2019-10632
MEDIUM
Zyxel NAS326 Firmware < 5.21 - Path Traversal in File Browser
CVSS 6.5
CVE-2019-1785
HIGH
ClamAV 0.101.0-0.101.1 - Path Traversal and Arbitrary File Write via RAR File Processing
CVSS 7.8
CVE-2019-9489
HIGH
Trend Micro Apex One, OfficeScan & Worry-Free - Path Traversal
CVSS 7.5
CVE-2019-5423
HIGH
http-live-simulator <1.0.5 - Path Traversal
CVSS 7.5
CVE-2019-5889
HIGH
OverIT Geocall 6.3 - Path Traversal in Log Management
CVSS 7.5
Details
Vulnerabilities: 9,264
Exploit Likelihood: High