CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,267 vulnerabilities with CWE-22
CVE-2018-19586 CRITICAL
Silverpeas 5.15-6.0.2 - Path Traversal
CVSS 9.9
CVE-2018-20229 HIGH
GitLab <11.3.14-11.5.5 - Path Traversal
CVSS 7.5
CVE-2018-1618 HIGH
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 - Path Traversal via URL Request
CVSS 7.7
CVE-2018-13299 MEDIUM
Synology Calendar < 2.2.2-0532 - Authenticated Path Traversal and Arbitrary File Write via Attachment Uploader
CVSS 4.3
CVE-2018-20144 HIGH
GitLab <11.3.13-11.5.4 - Info Disclosure
CVSS 7.5
CVE-2018-19856 HIGH
GitLab <11.3.12-11.5.3 - Path Traversal
CVSS 7.5
CVE-2018-16858 HIGH
LibreOffice Macro Python Code Execution
CVSS 7.8
CVE-2018-20647 MEDIUM
Car Rental Script 2.0.8 - Path Traversal via Direct Image Directory Listing Request
CVSS 6.5
CVE-2018-20646 MEDIUM
Basic B2B Script 2.0.9 - Path Traversal via Image Directory Listing
CVSS 6.5
CVE-2018-20643 MEDIUM
Entrepreneur Job Portal Script 3.0.1 - Path Traversal via Direct Image Directory Request
CVSS 6.5
CVE-2018-20638 MEDIUM
Chartered Accountant : Auditor Website 2.0.1 - Path Traversal via Direct Image Directory Request
CVSS 6.5
CVE-2018-20635 MEDIUM
Advance B2B Script 2.1.4 - Path Traversal via Direct Image Directory Request
CVSS 4.3
CVE-2018-20631 MEDIUM
Website Seller Script 2.0.5 - Path Traversal via Arbitrary Image URL Request
CVSS 5.3
CVE-2018-20630 MEDIUM
Advance Crowdfunding Script 2.0.3 - Path Traversal via Direct Uploads Directory Listing
CVSS 5.3
CVE-2018-20629 MEDIUM
Charity Donation Script - Path Traversal via Direct Uploads Directory Listing Request
CVSS 5.3
CVE-2018-20628 HIGH
Charity Foundation Script 1-3 - Path Traversal via Uploads Directory Listing
CVSS 7.5
CVE-2018-20626 MEDIUM
Consumer Reviews Script 4.0.3 - Path Traversal via Direct Uploads Directory Request
CVSS 6.5
CVE-2018-20525 CRITICAL
Roxy Fileman 1.4.5 - Path Traversal via copydir.php, copyfile.php, and fileslist.php
CVSS 9.1
CVE-2018-19512 HIGH
Webgalamb < 7.0 - Authenticated Path Traversal and Remote Code Execution via wgmfile Restore
CVSS 7.2
CVE-2018-19365 CRITICAL
Wowza Streaming Engine 4.7.4.01 - Path Traversal
CVSS 9.1
CVE-2018-11789 HIGH
Apache Heron 0.13.0-0.17.7 - Path Traversal via UI File Path Parameter
CVSS 7.5
CVE-2018-18809 MEDIUM KEV
TIBCO JasperReports Library <= 6.4.21 and 6.7.0 - Path Traversal
CVSS 6.5
CVE-2018-20795 HIGH
tecrail Responsive FileManager 9.13.4 - Path Traversal via Path Parameter
CVSS 7.5
CVE-2018-20794 HIGH
tecrail Responsive FileManager 9.13.4 - Path Traversal and Arbitrary File Write via Image Save Action
CVSS 7.5
CVE-2018-20793 HIGH
tecrail Responsive FileManager 9.13.4 - Path Traversal and Arbitrary File Write via paths[0] Bypass
CVSS 7.5