CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,267 vulnerabilities with CWE-22
CVE-2018-1000863 HIGH
Jenkins <2.153 - Privilege Escalation
CVSS 8.2
CVE-2018-19753 HIGH
Tarantella Enterprise <3.11 - Path Traversal
CVSS 7.5
CVE-2018-19859 MEDIUM
OpenRefine < 3.2 beta - Path Traversal via ZIP Archive Relative Pathname
CVSS 6.5
CVE-2018-12314 HIGH
ASUSTOR ADM <3.1.1 - Path Traversal
CVSS 7.5
CVE-2018-12309 HIGH
ASUSTOR ADM <3.1.1 - Path Traversal
CVSS 7.5
CVE-2018-12306 HIGH
ASUSTOR ADM <3.1.1 - Path Traversal
CVSS 7.5
CVE-2018-16478 MEDIUM
simplehttpserver <= 0.2.1 - Path Traversal
CVSS 5.3
CVE-2018-14707 HIGH
Drobo Pix <4.0.5-13.28.96115 - Path Traversal
CVSS 7.5
CVE-2018-3949 HIGH
TP-Link TL-R600VPN - Path Traversal via Crafted URL
CVSS 7.5
CVE-2018-7807 HIGH
Data Center Expert <7.5.0 - Path Traversal
CVSS 8.8
CVE-2018-7806 HIGH
Data Center Operation - Path Traversal
CVSS 8.8
CVE-2018-19748 HIGH
SDCMS 1.6 - Path Traversal via Base64-Encoded Root Parameter
CVSS 7.5
CVE-2018-19666 HIGH
OSSEC < 3.1.0 - Path Traversal to Local Privilege Escalation
CVSS 7.8
CVE-2018-13332 HIGH
TerraMaster TOS 3.1.03 - Path Traversal via Explorer Path URL Parameter
CVSS 7.5
CVE-2018-17934 CRITICAL
NUUO CMS < 3.3 - Path Traversal
CVSS 9.8
CVE-2018-13322 MEDIUM
Buffalo TS5600D1206 Firmware 3.61-0.10 - Path Traversal via list_folders Method
CVSS 6.5
CVE-2018-19329 MEDIUM
GreenCMS v2.3.0603 - Path Traversal
CVSS 4.9
CVE-2018-19328 CRITICAL
LAOBANCMS 2.0 - Path Traversal via install/mysql_hy.php riqi Parameter
CVSS 9.8
CVE-2018-19326 HIGH
Zyxel VMG1312-B10D <5.13(AAXA.8)C0 - Path Traversal
CVSS 7.5
CVE-2018-1797 MEDIUM
IBM WebSphere Application Server 7.0.0.0-7.0.0.45 - Path Traversal via ZIP Archive Extraction
CVSS 6.3
CVE-2018-0693 HIGH
FileZen 3.0.0-4.2.1 - Path Traversal and Arbitrary File Write
CVSS 7.5
CVE-2018-0673 HIGH
Cybozu Garoon 3.5.0-4.6.3 - Authenticated Path Traversal
CVSS 8.1
CVE-2018-8009 HIGH
Apache Hadoop Path Traversal via Zip Slip
CVSS 8.8
CVE-2018-19228 HIGH
LAOBANCMS 2.0 - Unauthenticated Arbitrary File Deletion via admin/pic.php del Parameter
CVSS 7.5
CVE-2018-1884 MEDIUM
IBM Case Manager Remote Code Execution via Zip Slip Directory Traversal
CVSS 4.8