CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,267 vulnerabilities with CWE-22
CVE-2018-20792 HIGH
tecrail Responsive FileManager 9.13.4 - Path Traversal via Path Parameter in get_file Action
CVSS 7.5
CVE-2018-20790 HIGH
tecrail Responsive FileManager 9.13.4 - Path Traversal and Arbitrary File Deletion via paths[0] Parameter
CVSS 7.5
CVE-2018-20789 HIGH
tecrail Responsive FileManager 9.13.4 - Path Traversal & Directory Deletion via execute.php
CVSS 7.5
CVE-2018-2006 MEDIUM
IBM Robotic Process Automation with Automation Anywhere 11.0.0.0-11.0.0.3 - Path Traversal via URL Request
CVSS 4.9
CVE-2018-20769 HIGH
Xerox WorkCentre Multiple Models < R18-05 073.xxx.0487.15000 - Local File Inclusion
CVSS 7.5
CVE-2018-20251 MEDIUM
WinRAR <= 5.61 - Path Traversal via ACE Filename Field
CVSS 5.5
CVE-2018-20250 HIGH KEV
WinRAR <= 5.61 - Path Traversal and Remote Code Execution via ACE Filename Field
CVSS 7.8
CVE-2018-18990 MEDIUM
LCDS Laquis SCADA < 4.1.0.4150 - Path Traversal
CVSS 5.3
CVE-2018-16493 HIGH
static-resource-server 1.7.2 - Unauthenticated Path Traversal via URL Slash Injection
CVSS 7.5
CVE-2018-16485 MEDIUM
m-server < 1.4.1 - Path Traversal via URL Slash Manipulation
CVSS 6.5
CVE-2018-16482 HIGH
mcstatic <=0.0.20 - Path Traversal via URL Path Slash Injection
CVSS 7.5
CVE-2018-16479 HIGH
http-live-simulator < 1.0.7 - Path Traversal via Extra Slashes in URL
CVSS 7.5
CVE-2018-0722 HIGH
QNAP Photo Station < 5.7.2 - Path Traversal
CVSS 7.5
CVE-2018-19043 MEDIUM
Media File Manager 1.4.2 - Path Traversal and Arbitrary File Renaming via mrelocator_rename Action
CVSS 5.3
CVE-2018-19042 MEDIUM
Media File Manager 1.4.2 - Path Traversal via mrelocator_move Action
CVSS 5.3
CVE-2018-19040 MEDIUM
Media File Manager 1.4.2 - Directory Listing via Path Traversal in dir Parameter
CVSS 5.3
CVE-2018-1000997 MEDIUM
Jenkins < 2.138.1, < 2.145 - Path Traversal in Stapler Web Framework
CVSS 6.5
CVE-2018-15782 HIGH
RSA Authentication Manager < 8.4 - Path Traversal via Quick Setup License
CVSS 7.7
CVE-2018-20714 HIGH
WooCommerce < 3.4.6 - File Deletion and Privilege Escalation via Logging System
CVSS 8.1
CVE-2018-16202 HIGH
cordova-plugin-ionic-webview < 2.2.0 - Path Traversal
CVSS 8.6
CVE-2018-16171 HIGH
Cybozu Remote Service 3.0.0-3.1.8 - Remote Code Execution via Directory Traversal
CVSS 8.8
CVE-2018-16170 HIGH
Cybozu Remote Service 3.0.0-3.1.8 - Authenticated Path Traversal
CVSS 8.1
CVE-2018-1000406 MEDIUM
Jenkins < 2.138.1, < 2.145 - Authenticated Path Traversal and Arbitrary File Write via File Parameter
CVSS 6.5
CVE-2018-0705 CRITICAL
Cybozu Dezie 8.0.2-8.1.2 - Path Traversal via HTTP Requests
CVSS 9.1
CVE-2018-0704 HIGH
Cybozu Office 10.0.0-10.8.1 - Path Traversal via Keitai Screen
CVSS 7.5
Details
Vulnerabilities 9,267
Exploit Likelihood High