CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,264 vulnerabilities with CWE-22
CVE-2019-9922
HIGH
Harmis JE Messenger 1.2.2 - Path Traversal
CVSS 7.5
CVE-2019-0225
HIGH
Apache JSPWiki 2.9.0-2.11.0.M2 - Path Traversal via Specially Crafted URL
CVSS 7.5
CVE-2019-1010257
CRITICAL
article2pdf WordPress plugin <0.28 - Info Disclosure
CVSS 9.1
CVE-2019-5927
HIGH
weban an < 3.2.0 - Path Traversal
CVSS 7.5
CVE-2019-5418
HIGH
KEV
Ruby On Rails File Content Disclosure (
CVSS 7.5
CVE-2019-3828
MEDIUM
Ansible < 2.5.15 - Path Traversal via Fetch Module Absolute Path
CVSS 4.2
CVE-2019-3396
CRITICAL
KEV
Atlassian Confluence Widget Connector Macro Velocity Template Injection
CVSS 9.8
CVE-2019-6240
HIGH
GitLab < 11.4.0 - Path Traversal
CVSS 7.5
CVE-2019-3482
MEDIUM
HP ArcSight Logger < 6.7 - Path Traversal
CVSS 6.5
CVE-2019-9960
CRITICAL
LimeSurvey Zip Path Traversals
CVSS 9.8
CVE-2019-9948
CRITICAL
Python 2.x < 2.7.17 - Path Traversal via local_file URI Scheme
CVSS 9.1
CVE-2019-9649
MEDIUM
Core FTP <2.0 Build 674 - Info Disclosure
CVSS 5.3
CVE-2019-1765
HIGH
Cisco IP Phone 8800 Series <11.0(5)/<12.5(1)SR1 Authenticated Arbitrary File Write
CVSS 8.1
CVE-2019-9648
MEDIUM
Core FTP <2.0 Build 674 - Path Traversal
CVSS 5.3
CVE-2019-9889
LOW
Vanilla < 2.6.4 - Directory Traversal and File Inclusion via AddonManager getSingleIndex
CVSS 2.7
CVE-2019-6714
CRITICAL
BlogEngine.NET < 3.3.6.0 - Unauthenticated Path Traversal and Local File Inclusion via PostList.ascx.cs
CVSS 9.8
CVE-2019-6274
HIGH
GL.iNet GL-AR300M-Lite Firmware 2.27 - Directory Traversal via storage_cgi
CVSS 8.8
CVE-2019-6273
MEDIUM
GL.iNet GL-AR300M-Lite Firmware 2.27 - Path Traversal via download_file
CVSS 6.5
CVE-2019-5417
HIGH
serve 7.0.1 - Path Traversal
CVSS 7.5
CVE-2019-5416
HIGH
localhost-now <1.0.2 - Path Traversal
CVSS 7.5
CVE-2019-0191
MEDIUM
Apache Karaf < 4.2.3 - Path Traversal and Arbitrary File Write via Malicious .kar Archive
CVSS 6.5
CVE-2019-3816
HIGH
openwsman <= 2.6.9 - Unauthenticated Arbitrary File Disclosure via Working Directory Misconfiguration
CVSS 7.5
CVE-2019-5923
HIGH
iChain Insurance Wallet < 1.3.0 - Path Traversal
CVSS 7.5
CVE-2019-9686
HIGH
pacman < 5.1.3 - Directory Traversal via Unsanitized Content-Disposition Header
CVSS 8.8
CVE-2019-9662
HIGH
JTBC(PHP) 3.0.1.8 - Info Disclosure
CVSS 7.5
Details
Vulnerabilities: 9,264
Exploit Likelihood: High