CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,267 vulnerabilities with CWE-22
CVE-2018-19586
CRITICAL
Silverpeas 5.15-6.0.2 - Path Traversal
CVSS 9.9
CVE-2018-20229
HIGH
GitLab <11.3.14-11.5.5 - Path Traversal
CVSS 7.5
CVE-2018-1618
HIGH
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 - Path Traversal via URL Request
CVSS 7.7
CVE-2018-13299
MEDIUM
Synology Calendar < 2.2.2-0532 - Authenticated Path Traversal and Arbitrary File Write via Attachment Uploader
CVSS 4.3
CVE-2018-20144
HIGH
GitLab <11.3.13-11.5.4 - Info Disclosure
CVSS 7.5
CVE-2018-19856
HIGH
GitLab <11.3.12-11.5.3 - Path Traversal
CVSS 7.5
CVE-2018-16858
HIGH
LibreOffice Macro Python Code Execution
CVSS 7.8
CVE-2018-20647
MEDIUM
Car Rental Script 2.0.8 - Path Traversal via Direct Image Directory Listing Request
CVSS 6.5
CVE-2018-20646
MEDIUM
Basic B2B Script 2.0.9 - Path Traversal via Image Directory Listing
CVSS 6.5
CVE-2018-20643
MEDIUM
Entrepreneur Job Portal Script 3.0.1 - Path Traversal via Direct Image Directory Request
CVSS 6.5
CVE-2018-20638
MEDIUM
Chartered Accountant : Auditor Website 2.0.1 - Path Traversal via Direct Image Directory Request
CVSS 6.5
CVE-2018-20635
MEDIUM
Advance B2B Script 2.1.4 - Path Traversal via Direct Image Directory Request
CVSS 4.3
CVE-2018-20631
MEDIUM
Website Seller Script 2.0.5 - Path Traversal via Arbitrary Image URL Request
CVSS 5.3
CVE-2018-20630
MEDIUM
Advance Crowdfunding Script 2.0.3 - Path Traversal via Direct Uploads Directory Listing
CVSS 5.3
CVE-2018-20629
MEDIUM
Charity Donation Script - Path Traversal via Direct Uploads Directory Listing Request
CVSS 5.3
CVE-2018-20628
HIGH
Charity Foundation Script 1-3 - Path Traversal via Uploads Directory Listing
CVSS 7.5
CVE-2018-20626
MEDIUM
Consumer Reviews Script 4.0.3 - Path Traversal via Direct Uploads Directory Request
CVSS 6.5
CVE-2018-20525
CRITICAL
Roxy Fileman 1.4.5 - Path Traversal via copydir.php, copyfile.php, and fileslist.php
CVSS 9.1
CVE-2018-19512
HIGH
Webgalamb < 7.0 - Authenticated Path Traversal and Remote Code Execution via wgmfile Restore
CVSS 7.2
CVE-2018-19365
CRITICAL
Wowza Streaming Engine 4.7.4.01 - Path Traversal
CVSS 9.1
CVE-2018-11789
HIGH
Apache Heron 0.13.0-0.17.7 - Path Traversal via UI File Path Parameter
CVSS 7.5
CVE-2018-18809
MEDIUM
KEV
TIBCO JasperReports Library <= 6.4.21 and 6.7.0 - Path Traversal
CVSS 6.5
CVE-2018-20795
HIGH
tecrail Responsive FileManager 9.13.4 - Path Traversal via Path Parameter
CVSS 7.5
CVE-2018-20794
HIGH
tecrail Responsive FileManager 9.13.4 - Path Traversal and Arbitrary File Write via Image Save Action
CVSS 7.5
CVE-2018-20793
HIGH
tecrail Responsive FileManager 9.13.4 - Path Traversal and Arbitrary File Write via paths[0] Bypass
CVSS 7.5
Details
Vulnerabilities: 9,267
Exploit Likelihood: High