CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,267 vulnerabilities with CWE-22
CVE-2018-0703
HIGH
Cybozu Office 10.0.0-10.8.1 - Path Traversal and Arbitrary File Deletion via HTTP Requests
CVSS 7.5
CVE-2018-0702
HIGH
Cybozu Mailwise 5.0.0-5.4.5 - Path Traversal and Arbitrary File Deletion
CVSS 7.5
CVE-2018-15490
HIGH
ExpressVPN - Path Traversal and Arbitrary File Write via JSON-RPC XVPN.GetPreference and XVPN.SetPreference
CVSS 7.1
CVE-2018-18593
MEDIUM
HP UCMDB Configuration Manager Remote Directory Traversal and Privileged Information Disclosure
CVSS 6.5
CVE-2018-20610
MEDIUM
imcat 4.4 - Path Traversal via efile Parameter
CVSS 4.9
CVE-2018-20604
MEDIUM
Lei Feng TV CMS 3.8.6 - Path Traversal via Template/edit/path URI
CVSS 4.9
CVE-2018-20566
MEDIUM
DouPHP 1.5 20181221 - Path Traversal via Crafted Installation Page
CVSS 5.3
CVE-2018-20463
HIGH
jsmol2wp 1.07 - Path Traversal and Server-Side Request Forgery via jsmol.php query Parameter
CVSS 7.5
CVE-2018-20437
HIGH
mrbird febs-shiro < 2018.11.05 - Path Traversal via CommonController File Download
CVSS 7.5
CVE-2018-7835
HIGH
IIoT Monitor <3.1.38 - Path Traversal
CVSS 7.5
CVE-2018-20332
HIGH
Enigma2 OpenWebif <1.2.4 - Info Disclosure
CVSS 7.5
CVE-2018-1000882
HIGH
WeBid < 1.2.2 - Path Traversal and Arbitrary Image File Read via getthumb.php
CVSS 7.5
CVE-2018-1000857
HIGH
log-user-session <0.7 - Path Traversal
CVSS 8.8
CVE-2018-1000850
HIGH
Square Retrofit <2.5.0 - Path Traversal
CVSS 7.5
CVE-2018-1000817
HIGH
Asset Pipeline <3.0.6 - Info Disclosure
CVSS 7.5
CVE-2018-20303
HIGH
Gogs <0.11.82.1218 - Path Traversal
CVSS 7.5
CVE-2018-20227
HIGH
RDF4J < 2.5.0 - Path Traversal via ZIP Archive Entry
CVSS 7.5
CVE-2018-20092
HIGH
PTC ThingWorx <8.3.0 - Path Traversal
CVSS 7.5
CVE-2018-19003
HIGH
GE EX2100e Firmware < 04.09.00c - Path Traversal
CVSS 7.5
CVE-2018-16874
HIGH
Go <1.10.6, 1.11.x <1.11.3 - Path Traversal
CVSS 8.1
CVE-2018-13812
HIGH
SIMATIC HMI Panels & WinCC < V15 Update 4 - Unauthenticated Path Traversal
CVSS 7.5
CVE-2018-20128
HIGH
UsualToolCMS v8.0 - Path Traversal and Arbitrary File Deletion via a_sqlback.php backname Parameter
CVSS 7.5
CVE-2018-20094
HIGH
XXL-CONF 1.6.0 - Path Traversal via Keys Parameter
CVSS 7.5
CVE-2018-20064
HIGH
doorGets 7.0 - Unauthenticated Path Traversal and Arbitrary File Write via Theme Editor
CVSS 7.5
CVE-2018-20058
HIGH
Evernote < 7.6 - Path Traversal in Attachment Preview
CVSS 7.5
Details
Vulnerabilities: 9,267
Exploit Likelihood: High