CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,264 vulnerabilities with CWE-22
CVE-2019-9622 MEDIUM
ebrigade < 4.5 - Arbitrary File Download via showfile.php File Parameter
CVSS 4.3
CVE-2019-9611 MEDIUM
ofcms < 1.1.3 - Unauthenticated Path Traversal and Arbitrary File Write via Template Controller
CVSS 6.5
CVE-2019-9610 MEDIUM
ofcms < 1.1.3 - Path Traversal via TemplateController getTemplates Function
CVSS 4.3
CVE-2019-9607 MEDIUM
PHP Scripts Mall Medical Store Script <3.0.3 - Path Traversal
CVSS 5.3
CVE-2019-9195 CRITICAL
Grin < 1.0.2 - Remote Code Execution via ZIP Archive Directory Traversal
CVSS 9.8
CVE-2019-9064 MEDIUM
Cab Booking Script 1.0.3 - Path Traversal via JPG/PNG File Upload
CVSS 5.3
CVE-2019-9015 CRITICAL
mopcms < 2018-11-30 - Path Traversal and Arbitrary File Deletion via Column Management
CVSS 9.1
CVE-2019-1681 HIGH
Cisco IOS XR < 6.5.2 - Unauthenticated Path Traversal via TFTP Service
CVSS 7.5
CVE-2019-3474 MEDIUM
Micro Focus Filr 3.x - Authenticated Path Traversal and Arbitrary File Read
CVSS 6.5
CVE-2019-8943 MEDIUM
WordPress <= 5.0.3 - Authenticated Path Traversal via Image Crop Filename
CVSS 6.5
CVE-2019-8903 HIGH
Total.js prior to 3.2.4 Directory Traversal
CVSS 7.5
CVE-2019-8412 HIGH
FeiFeiCms 4.0.181010 - Unauthenticated Path Traversal and Arbitrary File Read/Delete via Admin-Data Endpoint
CVSS 8.8
CVE-2019-8411 HIGH
zzcms 2018 - Unauthenticated Arbitrary File Deletion via Directory Traversal
CVSS 7.5
CVE-2019-8407 MEDIUM
HongCMS 3.0.0 - Path Traversal and Arbitrary File Write via Language Edit Filename Parameter
CVSS 6.5
CVE-2019-8395 CRITICAL
Zoho ManageEngine ServiceDesk Plus < 10.0 - Insecure Direct Object Reference via Request Attachment
CVSS 9.8
CVE-2019-8389 HIGH
Musicloud 1.6 - Unauthenticated Path Traversal and Arbitrary File Read via Wi-Fi Transfer Feature
CVSS 8.1
CVE-2019-8358 HIGH
Hiawatha < 10.8.4 - Path Traversal via AllowDotFiles
CVSS 8.1
CVE-2019-5910 HIGH
HOUSE GATE App for iOS 1.7.8 - Path Traversal
CVSS 7.5
CVE-2019-7678 CRITICAL
Enphase Envoy R3.*.* - Path Traversal
CVSS 9.8
CVE-2019-7403 MEDIUM
PHPMyWind 5.5 - Unauthenticated Path Traversal via Database Backup Import
CVSS 4.9
CVE-2019-7387 MEDIUM
Systrome Cumilon ISG - Path Traversal
CVSS 6.5
CVE-2019-1000009 MEDIUM
Helm ChartMuseum <0.8.1 - Path Traversal
CVSS 6.5
CVE-2019-1000008 MEDIUM
Helm 2.0.0-2.12.1 - Path Traversal via Chart Archive Unpacking
CVSS 6.5
CVE-2019-6111 MEDIUM
OpenSSH < 7.9 - Arbitrary File Write via Malicious SCP Server
CVSS 5.9
CVE-2019-7237 HIGH
idreamsoft iCMS 7.0.13 - Path Traversal
CVSS 7.5
Details
Vulnerabilities 9,264
Exploit Likelihood High