CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,268 vulnerabilities with CWE-22
CVE-2018-16831 MEDIUM
Smarty < 3.1.33 - Path Traversal via Trusted Directory Bypass
CVSS 5.9
CVE-2018-16774 HIGH
HongCMS 3.0.0 - Unauthenticated Arbitrary File Deletion via Language AJAX Endpoint
CVSS 7.5
CVE-2018-16059 MEDIUM
Endress+Hauser WirelessHART Fieldgate SWG70 3.x - Path Traversal via fcgi-bin/wgsetcgi filename Parameter
CVSS 5.3
CVE-2018-0660 LOW
hibara attachecase < 2.8.4.0 and <= 3.3.0.0 - Path Traversal via ATC File
CVSS 3.3
CVE-2018-0659 MEDIUM
hibara attachecase < 2.8.4.0 and <= 3.3.0.0 - Path Traversal via ATC File
CVSS 5.5
CVE-2018-1000801 MEDIUM
Okular < 18.08 - Path Traversal and Arbitrary File Write via Document Archive Extraction
CVSS 5.5
CVE-2018-1000659 HIGH
LimeSurvey <3.14.4 - Path Traversal
CVSS 8.8
CVE-2018-16549 MEDIUM
HScripts PHP File Browser Script 1.0 - Path Traversal via index.php path parameter
CVSS 5.3
CVE-2018-16437 MEDIUM
gxlcms 2.0 - Authenticated Path Traversal
CVSS 4.9
CVE-2018-16518 CRITICAL
Prim'X Zed! FREE < 1.0 & Zed! Limited Edition < 6.1 - Path Traversal & RCE via Watermark Loading
CVSS 9.8
CVE-2018-10926 HIGH
Redhat Virtualization Host < 3.12.14 - Path Traversal
CVSS 8.8
CVE-2018-0646 HIGH
Explzh < 7.58 - Path Traversal
CVSS 7.8
CVE-2018-16446 HIGH
SeaCMS <= 6.61 - Unauthenticated Arbitrary File Deletion via bakfiles Parameter
CVSS 7.5
CVE-2018-16367 CRITICAL
OnlineJudge 2.0 - Path Traversal and Arbitrary File Write
CVSS 9.9
CVE-2018-16344 HIGH
zzcms 8.3 - Unauthenticated Path Traversal and Arbitrary File Deletion via flv Parameter
CVSS 7.5
CVE-2018-16320 HIGH
idreamsoft iCMS 7.0.11 - Path Traversal and Arbitrary PHP Code Execution via admincp.php
CVSS 7.2
CVE-2018-3787 HIGH
simplehttpserver < 0.2.1 - Path Traversal
CVSS 7.5
CVE-2018-16237 LOW
damicms 6.0.1 - Path Traversal via Admin.php s Parameter
CVSS 2.7
CVE-2018-15745 HIGH
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
CVSS 7.5
CVE-2018-11720 HIGH
Xovis PC2, PC2R, and PC3 Firmware < 3.6.0 - Path Traversal
CVSS 7.5
CVE-2018-16141 MEDIUM
ThinkCMF X2.2.3 - Authenticated Arbitrary File Deletion via Profile Avatar imgurl Parameter
CVSS 6.5
CVE-2018-16133 MEDIUM
CyBroHttpServer 1.0.3 - Path Traversal via URI
CVSS 5.3
CVE-2018-15810 HIGH
Visiology Flipbox < 2.7.0 - Path Traversal via Filename Parameter
CVSS 7.5
CVE-2018-15695 MEDIUM
ASUSTOR Data Master <= 3.1.5 - Authenticated Path Traversal via wallpaper.cgi
CVSS 6.5
CVE-2018-15694 HIGH
ASUSTOR Data Master <= 3.1.5 - Authenticated Path Traversal and Arbitrary File Write
CVSS 7.5
Details
Vulnerabilities 9,268
Exploit Likelihood High