CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,267 vulnerabilities with CWE-22
CVE-2018-0703 HIGH
Cybozu Office 10.0.0-10.8.1 - Path Traversal and Arbitrary File Deletion via HTTP Requests
CVSS 7.5
CVE-2018-0702 HIGH
Cybozu Mailwise 5.0.0-5.4.5 - Path Traversal and Arbitrary File Deletion
CVSS 7.5
CVE-2018-15490 HIGH
ExpressVPN - Path Traversal and Arbitrary File Write via JSON-RPC XVPN.GetPreference and XVPN.SetPreference
CVSS 7.1
CVE-2018-18593 MEDIUM
HP UCMDB Configuration Manager Remote Directory Traversal and Privileged Information Disclosure
CVSS 6.5
CVE-2018-20610 MEDIUM
imcat 4.4 - Path Traversal via efile Parameter
CVSS 4.9
CVE-2018-20604 MEDIUM
Lei Feng TV CMS 3.8.6 - Path Traversal via Template/edit/path URI
CVSS 4.9
CVE-2018-20566 MEDIUM
DouPHP 1.5 20181221 - Path Traversal via Crafted Installation Page
CVSS 5.3
CVE-2018-20463 HIGH
jsmol2wp 1.07 - Path Traversal and Server-Side Request Forgery via jsmol.php query Parameter
CVSS 7.5
CVE-2018-20437 HIGH
mrbird febs-shiro < 2018.11.05 - Path Traversal via CommonController File Download
CVSS 7.5
CVE-2018-7835 HIGH
IIoT Monitor <3.1.38 - Path Traversal
CVSS 7.5
CVE-2018-20332 HIGH
Enigma2 OpenWebif <1.2.4 - Info Disclosure
CVSS 7.5
CVE-2018-1000882 HIGH
WeBid < 1.2.2 - Path Traversal and Arbitrary Image File Read via getthumb.php
CVSS 7.5
CVE-2018-1000857 HIGH
log-user-session <0.7 - Path Traversal
CVSS 8.8
CVE-2018-1000850 HIGH
Square Retrofit <2.5.0 - Path Traversal
CVSS 7.5
CVE-2018-1000817 HIGH
Asset Pipeline <3.0.6 - Info Disclosure
CVSS 7.5
CVE-2018-20303 HIGH
Gogs <0.11.82.1218 - Path Traversal
CVSS 7.5
CVE-2018-20227 HIGH
RDF4J < 2.5.0 - Path Traversal via ZIP Archive Entry
CVSS 7.5
CVE-2018-20092 HIGH
PTC ThingWorx <8.3.0 - Path Traversal
CVSS 7.5
CVE-2018-19003 HIGH
GE EX2100e Firmware < 04.09.00c - Path Traversal
CVSS 7.5
CVE-2018-16874 HIGH
Go <1.10.6, 1.11.x <1.11.3 - Path Traversal
CVSS 8.1
CVE-2018-13812 HIGH
SIMATIC HMI Panels & WinCC < V15 Update 4 - Unauthenticated Path Traversal
CVSS 7.5
CVE-2018-20128 HIGH
UsualToolCMS v8.0 - Path Traversal and Arbitrary File Deletion via a_sqlback.php backname Parameter
CVSS 7.5
CVE-2018-20094 HIGH
XXL-CONF 1.6.0 - Path Traversal via Keys Parameter
CVSS 7.5
CVE-2018-20064 HIGH
doorGets 7.0 - Unauthenticated Path Traversal and Arbitrary File Write via Theme Editor
CVSS 7.5
CVE-2018-20058 HIGH
Evernote < 7.6 - Path Traversal in Attachment Preview
CVSS 7.5