CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,268 vulnerabilities with CWE-22
CVE-2018-15536 MEDIUM
tecrail Responsive FileManager < 9.13.4 - Path Traversal and Arbitrary File Write via Archive Extraction
CVSS 5.5
CVE-2018-15535 HIGH
tecrail Responsive FileManager < 9.13.4 - Path Traversal via get_file Parameter
CVSS 7.5
CVE-2018-14795 HIGH
Emerson DeltaV 11.3.1 12.3.1 13.3.0 13.3.1 R5 - Path Traversal
CVSS 8.8
CVE-2018-1656 HIGH
IBM SDK Java Technology Edition 6.0, 7.0, 8.0 - Path Traversal in Diagnostic Tooling Framework
CVSS 7.4
CVE-2018-1000647 HIGH
LibreHealthIO lh-ehr <REL-2.0.0 - Privilege Escalation
CVSS 7.1
CVE-2018-15495 HIGH
Responsive FileManager < 9.13.3 - Path Traversal and Server-Side Request Forgery via URL Parameter
CVSS 7.5
CVE-2018-10510 CRITICAL
Trend Micro Control Manager <7.0 - RCE
CVSS 9.8
CVE-2018-14007 CRITICAL
Citrix XenServer <7.1 - Path Traversal
CVSS 9.8
CVE-2018-15138 HIGH
Ericsson-LG iPECS NMS 30M - Path Traversal
CVSS 7.5
CVE-2018-10917 MEDIUM
pulp < 2.16.0 - Path Traversal and Arbitrary File Write
CVSS 6.8
CVE-2018-14429 HIGH
man-cgi < 1.16 - Local File Inclusion via Absolute Path Traversal
CVSS 7.5
CVE-2018-7098 HIGH
HP 3PAR Service Processor < SP-4.4.0.GA-110(MU7) - Path Traversal
CVSS 8.4
CVE-2018-15142 HIGH
OpenEMR < 5.0.1.4 - Authenticated Path Traversal and Arbitrary PHP File Write via Patient Portal Import Template
CVSS 8.8
CVE-2018-15141 MEDIUM
OpenEMR < 5.0.1.4 - Authenticated Path Traversal via Patient Portal Import Template
CVSS 6.5
CVE-2018-15140 MEDIUM
OpenEMR < 5.0.1.4 - Authenticated Path Traversal via Patient Portal Import Template
CVSS 6.5
CVE-2018-11455 HIGH
Automation License Manager < 5.3.4.4 and < 6.0.1 - Path Traversal and Arbitrary File Write
CVSS 8.8
CVE-2018-7092 HIGH
HPE Intelligent Management Center Platform 7.3 E0506P09 - Remote Path Traversal and Arbitrary File Deletion
CVSS 7.5
CVE-2018-14942 HIGH
Harmonic NSG 9000 Firmware - Authenticated Path Traversal via EMULATION_GET_FILE or EMULATION_EXPORT Endpoint
CVSS 8.8
CVE-2018-14927 MEDIUM
Matera Banco 1.0.0 - Path Traversal
CVSS 5.3
CVE-2018-14912 HIGH
cgit < 1.2.1 - Path Traversal via git/objects/?path=../ Request
CVSS 7.5
CVE-2018-14847 CRITICAL KEV
MikroTik RouterOS <6.42 - Path Traversal
CVSS 9.1
CVE-2018-10897 HIGH
yum-utils < 1.1.31 - Path Traversal via Remote Repository Configuration
CVSS 8.1
CVE-2018-12939 MEDIUM
SeedDMS < 5.1.8 - Authenticated Path Traversal and Arbitrary File Write via qquuid Parameter
CVSS 6.5
CVE-2018-10862 MEDIUM
Redhat Virtualization < 5.0.0 - Path Traversal
CVSS 5.5
CVE-2018-0617 HIGH
ChamaNet MemoCGI 2.1800-2.2200 - Path Traversal
CVSS 7.5
Details
Vulnerabilities 9,268
Exploit Likelihood High