CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,268 vulnerabilities with CWE-22
CVE-2018-17444 HIGH
Citrix NetScaler SD-WAN 9.3.0-9.3.5 and 10.0.0-10.0.3 - Path Traversal
CVSS 7.5
CVE-2018-14806 CRITICAL
Advantech WebAccess <8.3.1 - Path Traversal
CVSS 9.8
CVE-2018-18586 MEDIUM
libmspack - Directory Traversal in chmextract Sample Program
CVSS 5.3
CVE-2018-18485 HIGH
PHPSHE 1.7 - Unauthenticated Path Traversal and Arbitrary File Deletion via dbname Parameter
CVSS 7.5
CVE-2018-0420 MEDIUM
Cisco Wireless LAN Controller Software - Authenticated Path Traversal via HTTP Request Parameters
CVSS 6.5
CVE-2018-10824 CRITICAL
D-Link DWR-116/DIR-140L/DIR-640L/DWR-512/DWR-712/DWR-912/DWR-921/DWR-111 - Password Exposure via Path Traversal
CVSS 9.8
CVE-2018-10822 HIGH
D-Link DWR-116/DIR-140L/DIR-640L/DWR-512/DWR-712/DWR-912/DWR-921/DWR-111 Firmware - Path Traversal via UIR HTTP Request
CVSS 7.5
CVE-2018-18434 HIGH
litemall 0.9.0 - Path Traversal and Arbitrary File Download via WxStorageController
CVSS 7.5
CVE-2018-17899 HIGH
LAquis SCADA <4.1.0.3870 - Path Traversal
CVSS 8.8
CVE-2018-15540 CRITICAL
Agentejo Cockpit - Path Traversal via /media/api Endpoint
CVSS 9.8
CVE-2018-1744 HIGH
IBM Security Key Lifecycle Manager 2.5-2.5.0.9 - Path Traversal via URL Request
CVSS 7.7
CVE-2018-18323 HIGH
Webpanel - Path Traversal
CVSS 7.5
CVE-2018-1770 MEDIUM
IBM WebSphere Application Server 7.0.0.0-7.0.0.44 - Path Traversal via Dot-Dot Sequences
CVSS 6.5
CVE-2018-18257 HIGH
BageCMS 3.1.3 - Unauthenticated Path Traversal and Arbitrary File Deletion via Template Batch Endpoint
CVSS 7.5
CVE-2018-12542 CRITICAL
Eclipse Vert.x <3.5.3 - Path Traversal
CVSS 9.8
CVE-2018-8495 HIGH
Windows 10 and Windows Server 2016 - Remote Code Execution via URI Handling
CVSS 7.5
CVE-2018-0405 HIGH
Cisco RV180W and RV220W - Unauthenticated Path Traversal via HTTP Request Parameters
CVSS 7.5
CVE-2018-0464 HIGH
Cisco Prime Data Center Network Manager - Authenticated Path Traversal and Arbitrary File Write via Management Interface
CVSS 8.1
CVE-2018-0426 CRITICAL
Cisco RV110W RV130W RV215W - Unauthenticated Path Traversal and Arbitrary File Read
CVSS 9.8
CVE-2018-1649 HIGH
IBM QRadar Incident Forensics <7.3 - Path Traversal
CVSS 7.7
CVE-2018-16457 MEDIUM
Open Source Real-estate Script 3.6.2 - Path Traversal
CVSS 5.3
CVE-2018-17553 HIGH
Navigate CMS 2.8 - Authenticated Remote Code Execution via Directory Traversal in navigate_upload.php
CVSS 8.8
CVE-2018-12473 LOW
Open Build Service <70d1aa4cc4 - Path Traversal
CVSS 3.1
CVE-2018-17838 HIGH
JTBC(PHP) <3.0.1.6 - Info Disclosure
CVSS 7.5
CVE-2018-17837 HIGH
JTBC(PHP) <3.0.1.6 - Path Traversal
CVSS 7.5