CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,271 vulnerabilities with CWE-22
CVE-2018-12560 MEDIUM
Cantata < 2.3.1 - Unauthenticated Arbitrary Unmount via Directory Traversal
CVSS 6.5
CVE-2018-12559 HIGH
Cantata < 2.3.1 - Path Traversal via D-Bus Mount Target
CVSS 8.8
CVE-2018-12530 MEDIUM
MetInfo 6.0.0 - Unauthenticated Path Traversal and Arbitrary File Deletion via CSV Import Filename Parameter
CVSS 6.5
CVE-2018-5755 MEDIUM
Open-Xchange OX App Suite <7.6.3-rev3-7.8.4-rev4 - Path Traversal
CVSS 5.5
CVE-2018-12494 MEDIUM
PublicCMS V4.0.20180210 - Path Traversal
CVSS 6.5
CVE-2018-12493 MEDIUM
PublicCMS V4.0.20180210 - Path Traversal
CVSS 6.5
CVE-2018-0496 HIGH
DFArc and DFArc2 < 3.14 - Path Traversal and Arbitrary File Write via D-Mod Extractor
CVSS 7.5
CVE-2018-1103 MEDIUM
Openshift Enterprise <1.1.10 - Code Injection
CVSS 6.1
CVE-2018-12054 HIGH
PHP Scripts Mall Schools Alert Mgt - Path Traversal
CVSS 7.5
CVE-2018-12053 HIGH
PHP Scripts Mall Schools Alert Mgmt - Path Traversal
CVSS 7.5
CVE-2018-3758 HIGH
express-cart < 1.1.7 - Authenticated Path Traversal and Remote Code Execution
CVSS 8.8
CVE-2018-12042 HIGH
Roxy Fileman <v1.4.5 - Path Traversal
CVSS 7.5
CVE-2018-12036 HIGH
OWASP Dependency-Check <3.2.0 - Path Traversal
CVSS 7.8
CVE-2018-12031 CRITICAL
Eaton Intelligent Power Manager <1.6 - Path Traversal
CVSS 9.8
CVE-2018-0296 HIGH KEV
Cisco ASA & FTD - Unauthenticated DoS & Info Disclosure via HTTP URL
CVSS 7.5
CVE-2018-3732 HIGH
resolve-path < 1.4.0 - Path Traversal via Special Character Bypass
CVSS 7.5
CVE-2018-3731 HIGH
public.js < 0.1.3 - Path Traversal via filePath Parameter
CVSS 7.5
CVE-2018-3730 HIGH
mcstatic - Path Traversal via filePath Parameter
CVSS 7.5
CVE-2018-3729 HIGH
localhost-now < 1.0.2 - Path Traversal via File Path Validation Bypass
CVSS 7.5
CVE-2018-3727 HIGH
626 - Path Traversal via File Parameter
CVSS 7.5
CVE-2018-3725 HIGH
hekto < 0.2.3 - Path Traversal via File Parameter
CVSS 7.5
CVE-2018-3724 HIGH
general-file-server - Path Traversal via currpath Parameter
CVSS 7.5
CVE-2018-3715 MEDIUM
glance < 3.0.4 - Path Traversal via Unvalidated Path Input
CVSS 6.5
CVE-2018-3714 MEDIUM
node-srv < 2.1.1 - Path Traversal via URL Parameter
CVSS 6.5
CVE-2018-3713 MEDIUM
angular-http-server < 1.6.0 - Path Traversal via possibleFilename
CVSS 6.5