CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,264 vulnerabilities with CWE-22
CVE-2019-7236
HIGH
idreamsoft iCMS <7.0.13 - Path Traversal
CVSS 7.5
CVE-2019-7235
HIGH
idreamsoft iCMS 7.0.13 - Path Traversal
CVSS 7.5
CVE-2019-7234
CRITICAL
idreamsoft iCMS 7.0.13 - Path Traversal
CVSS 9.1
CVE-2019-7160
CRITICAL
idreamsoft iCMS 7.0.13 - Path Traversal
CVSS 9.8
CVE-2019-6500
HIGH
Axway File Transfer Direct 2.7.1 - Unauthenticated Path Traversal via %2e Encoding Bypass
CVSS 7.5
CVE-2019-5887
HIGH
ShopXO 1.2.0 - Path Traversal via UnlinkDir Method
CVSS 7.5
CVE-2019-3580
HIGH
OpenRefine < 3.1 - Path Traversal and Arbitrary File Write via Project File Import
CVSS 7.5
CVE-2018-25421
MEDIUM
Open STA Manager 2.3 Arbitrary File Download via Path Traversal
CVSS 6.5
CVE-2018-25408
HIGH
The Open ISES Project 3.30A Path Traversal Arbitrary File Download
CVSS 7.5
CVE-2018-25393
MEDIUM
Navigate CMS 2.8.5 Path Traversal via navigate_download.php
CVSS 6.5
CVE-2018-25374
HIGH
Softneta MedDream PACS Server Premium 6.7.1.1 Directory Traversal
CVSS 7.5
CVE-2018-25365
HIGH
PCViewer vt1000 Directory Traversal via GET Request
CVSS 7.5
CVE-2018-25326
HIGH
Google Drive for WordPress 2.2 Path Traversal RCE via gdrive-ajaxs.php
CVSS 7.5
CVE-2018-25325
HIGH
Woocommerce CSV Importer 3.3.6 Path Traversal File Deletion
CVSS 7.5
CVE-2018-25312
MEDIUM
LifeSize ClearSea 3.1.4 Directory Traversal Remote Code Execution
CVSS 6.5
CVE-2018-25311
MEDIUM
VideoFlow Digital Video Protection DVP 10 Authenticated Directory Traversal 2.10 (X-Prototype-Version: 1.6.0.2)
CVSS 6.5
CVE-2018-25308
HIGH
BuddyPress Xprofile Custom Fields Type 2.6.3 Remote Code Execution
CVSS 8.8
CVE-2018-25194
HIGH
Nominas 0.27 - Unauthenticated SQL Injection via Username Parameter
CVSS 8.2
CVE-2018-25184
MEDIUM
Surreal ToDo 0.6.1.2 - Path Traversal
CVSS 6.2
CVE-2018-25181
HIGH
Musicco 2.0.0 - Unauthenticated Path Traversal via Parent Parameter
CVSS 7.5
CVE-2018-25178
HIGH
rul10 easyndexer 1.0 - Unauthenticated Arbitrary File Download via showtif.php File Parameter
CVSS 7.5
CVE-2018-25144
HIGH
Microhard Systems IPn4G 1.1.0 - Auth Bypass
CVSS 8.4
CVE-2018-25124
HIGH
PacsOne Server <6.6.2 - Path Traversal
CVE-2018-25113
HIGH
Dicoogle PACS Web Server <2.5.0 - Path Traversal
CVE-2018-25094
LOW
Online Accounting System <=1.4.0 - Path Traversal
CVSS 3.5
Details
Vulnerabilities: 9,264
Exploit Likelihood: High