CWE-22
High likelihoodImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,267 vulnerabilities with CWE-22
CVE-2018-19197
MEDIUM
xiaocms 20141229 - Unauthenticated Directory Deletion via Database Import Path Traversal
CVSS 4.9
CVE-2018-19181
HIGH
YUNUCMS 1.1.5 - Arbitrary File Deletion via UEditor Controller Key Parameter
CVSS 7.5
CVE-2018-19124
HIGH
PrestaShop 1.6.0.1-1.6.1.22 and 1.7.x < 1.7.4.4 - Arbitrary File Write via Image Upload
CVSS 7.5
CVE-2018-15450
MEDIUM
Cisco Prime Collaboration Assurance - Authenticated Arbitrary File Write via UI Input Field
CVSS 6.5
CVE-2018-19052
HIGH
lighttpd < 1.4.50 - Path Traversal via Alias Configuration
CVSS 7.5
CVE-2018-16475
HIGH
Knightjs <= 0.0.1 - Path Traversal
CVSS 7.5
CVE-2018-16473
MEDIUM
takeapeek <= 0.2.2 - Path Traversal
CVSS 5.3
CVE-2018-9459
HIGH
Android - Path Traversal in Attachment Handling
CVSS 8.8
CVE-2018-9445
MEDIUM
Android 6.0-8.1 - Path Traversal in Utils.cpp readMetadata
CVSS 6.8
CVE-2018-18950
HIGH
KindEditor < 4.1.11 - Unauthenticated Path Traversal via php/upload_json.php path Parameter
CVSS 7.5
CVE-2018-18936
HIGH
PopojiCMS 2.0.1 - Unauthenticated Arbitrary File Deletion via Library Delete Parameter
CVSS 7.5
CVE-2018-18777
MEDIUM
Microstrategy Web 7 - Authenticated Path Traversal via subpage Parameter
CVSS 4.3
CVE-2018-18890
MEDIUM
MiniCMS 1.10 - Path Traversal via Invalid Filename in Post Deletion
CVSS 5.3
CVE-2018-15706
MEDIUM
Advantech WebAccess 8.3.1-8.3.2 - Authenticated Path Traversal via WADashboard readFile API
CVSS 6.5
CVE-2018-15705
MEDIUM
Advantech WebAccess 8.3.1-8.3.2 - Authenticated Path Traversal and Arbitrary File Write via WADashboard writeFile API
CVSS 6.5
CVE-2018-11759
HIGH
Apache Tomcat JK Connector 1.2.0-1.2.44 - Path Traversal via Request Path Normalization
CVSS 7.5
CVE-2018-14654
MEDIUM
Gluster <4.1.4 - Privilege Escalation
CVSS 6.5
CVE-2018-18869
CRITICAL
EmpireCMS V7.5 - Remote Code Execution via Path Traversal in ecmscom.php Path Parameter
CVSS 9.8
CVE-2018-18831
HIGH
MCMS 4.6.5 - Path Traversal and Arbitrary File Write via URL Parameter
CVSS 7.5
CVE-2018-18713
HIGH
phpyun 4.6 - Path Traversal via m=database&c=down_sql&name Parameter
CVSS 7.5
CVE-2018-18703
HIGH
PhpTpoint Mailing Server Using File Handling 1.0 - Unauthenticated Arbitrary File Read via Directory Traversal
CVSS 7.5
CVE-2018-18552
MEDIUM
ServersCheck Monitoring Software <= 14.3.3 - Path Traversal and Denial of Service via sensor_details.html id Parameter
CVSS 6.5
CVE-2018-15750
MEDIUM
SaltStack Salt < 2017.7.8 and 2018.3.x < 2018.3.3 - Directory Traversal in salt-api
CVSS 5.3
CVE-2018-7431
MEDIUM
Splunk Enterprise 6.0.0-6.5.2 & Light <6.6.0 Authenticated Path Traversal
CVSS 6.5
CVE-2018-17444
HIGH
Citrix NetScaler SD-WAN 9.3.0-9.3.5 and 10.0.0-10.0.3 - Path Traversal
CVSS 7.5
Details
Vulnerabilities
9,267
Exploit Likelihood
High