CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,267 vulnerabilities with CWE-22
CVE-2018-25124 HIGH
PacsOne Server <6.6.2 - Path Traversal
CVE-2018-25113 HIGH
Dicoogle PACS Web Server <2.5.0 - Path Traversal
CVE-2018-25094 LOW
Online Accounting System <=1.4.0 - Path Traversal
CVSS 3.5
CVE-2018-16739 HIGH
ABUS TVIP Firmware - Unauthenticated Path Traversal and Arbitrary File Write via filewrite Endpoint
CVSS 8.8
CVE-2018-25048 HIGH
CODESYS Control Runtime < 3.5.12.30 - Path Traversal and Denial of Service
CVSS 8.8
CVE-2018-25059 LOW
pastebinit < 0.2.2 - Path Traversal via r.URL.Path in pasteHandler
CVSS 3.5
CVE-2018-25046 CRITICAL
Cloud Foundry Archiver - Path Traversal
CVSS 9.1
CVE-2018-19945 CRITICAL
QNAP QTS 4.3.4-4.3.6 - Arbitrary File Rename via Path Traversal
CVSS 9.1
CVE-2018-18576 MEDIUM
Hustle < 6.0.5 - Directory Traversal via Admin Dashboard URI
CVSS 5.3
CVE-2018-18894 HIGH
Lexmark C, M, X, and 6500e Firmware < 2018-12-18 - Path Traversal via Embedded Web Server
CVSS 7.5
CVE-2018-12476 MEDIUM
SUSE Linux Enterprise Server 15, openSUSE Factory - Path Traversal
CVSS 4.3
CVE-2018-1847 MEDIUM
IBM Financial Transaction Manager 2.0.0.0-2.0.0.5, 2.1.0.0-2.1.0.4, 2.1.1.0-2.1.1.4, 3.0.0.0-3.0.0.8 - Path Traversal
CVSS 6.5
CVE-2018-14672 MEDIUM
ClickHouse <18.12.13 - Path Traversal
CVSS 5.3
CVE-2018-14918 HIGH
LOYTEC LGATE-902 <6.3.2 - Path Traversal
CVSS 7.5
CVE-2018-16594 HIGH
Sony Bravia TV < 8.587 - Path Traversal in Photo Sharing Plus
CVSS 8.1
CVE-2018-18863 MEDIUM
NGA ResourceLink 20.0.2.1 - Local File Inclusion
CVSS 6.5
CVE-2018-18876 MEDIUM
Columbia Weather MicroServer Firmware MS_2.6.9900 - Path Traversal via readouts_rd.php
CVSS 5.3
CVE-2018-20470 HIGH
Sahi Pro < 8.0.0 - Directory Traversal in Web Reports Module
CVSS 7.5
CVE-2018-13379 CRITICAL KEV
FortiProxy < 1.2.9 and FortiOS 5.4.6-5.4.12 - Unauthenticated Path Traversal via SSL VPN Web Portal
CVSS 9.1
CVE-2018-16221 HIGH
Yealink SIP-T41P 66.83.0.35 - Authenticated Path Traversal via Diagnostics Web Interface
CVSS 8.0
CVE-2018-17180 MEDIUM
OpenEMR < 5.0.1.7 - Path Traversal via docid Parameter in download_template.php
CVSS 5.3
CVE-2018-6885 CRITICAL
MicroStrategy Web Services < 10.4 - Unauthenticated Path Traversal via SOAP Request
CVSS 9.8
CVE-2018-12298 HIGH
Seagate NAS OS 4.3.15.1 - Path Traversal
CVSS 7.5
CVE-2018-16961 HIGH
Open XDMoD < 7.5.0 - Path Traversal via file Parameter
CVSS 7.5
CVE-2018-16716 CRITICAL
NCBI ToolBox <2.2.26 - Info Disclosure
CVSS 9.1