CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,271 vulnerabilities with CWE-22
CVE-2018-3712 MEDIUM
serve < 6.4.9 - Path Traversal via URL-Encoded Dot-Slash Sequences
CVSS 6.5
CVE-2018-10057 MEDIUM
cgminer 4.10.0-bfgminer 5.5.0 - Path Traversal
CVSS 6.5
CVE-2018-1000194 HIGH
Jenkins < 2.120 and LTS < 2.107.2 - Path Traversal and Arbitrary File Write via FilePath and SoloFilePathFilter
CVSS 8.1
CVE-2018-8008 MEDIUM
Apache Storm < 1.0.6, < 1.2.1, < 1.1.2 - Path Traversal
CVSS 5.5
CVE-2018-10615 HIGH
GE MDS PulseNET < 3.2.1 - Path Traversal
CVSS 8.1
CVE-2018-11141 CRITICAL
Quest KACE System Management Appliance 8.0.318 - Path Traversal and Arbitrary File Write via IMAGES_JSON Parameter
CVSS 9.8
CVE-2018-11137 MEDIUM
Quest KACE System Management Appliance 8.0.318 - Unauthenticated Path Traversal via checksum Parameter
CVSS 6.5
CVE-2018-11235 HIGH
Debian Linux < 2.13.6 - Path Traversal
CVSS 7.8
CVE-2018-3744 CRITICAL
html-pages - Path Traversal via cURL
CVSS 9.8
CVE-2018-3734 HIGH
stattic < 0.3.0 - Path Traversal
CVSS 7.5
CVE-2018-3733 HIGH
crud-file-server < 0.9.0 - Path Traversal via URL Validation Bypass
CVSS 7.5
CVE-2018-6409 MEDIUM
MachForm < 4.2.3 - Path Traversal via download.php q Parameter
CVSS 5.3
CVE-2018-11495 MEDIUM
OpenCart < 3.0.2.0 - Path Traversal via Download ID Parameter
CVSS 4.9
CVE-2018-11494 HIGH
OpenCart < 3.0.2.0 - Arbitrary Code Execution via Program Extension Upload Directory Traversal
CVSS 8.0
CVE-2018-11413 MEDIUM
BearAdmin 0.5 - Unauthenticated Path Traversal via Databack Download Endpoint
CVSS 6.5
CVE-2018-10357 HIGH
Trend Micro Endpoint Application Control 2.0 - Path Traversal
CVSS 8.8
CVE-2018-11344 MEDIUM
ASUSTOR AS6202T ADM < 3.1.0.RFQ3 - Path Traversal via download.cgi file1 Parameter
CVSS 6.5
CVE-2018-11342 MEDIUM
ASUSTOR AS6202T ADM < 3.1.0.RFQ3 - Path Traversal via fileExplorer.cgi dest_folder Parameter
CVSS 4.3
CVE-2018-11341 HIGH
ASUSTOR AS6202T ADM < 3.1.0.RFQ3 - Path Traversal via importuser.cgi filename Parameter
CVSS 7.2
CVE-2018-11319 HIGH
syntastic < 3.9.0 - Arbitrary Code Execution via Configuration File Path Traversal
CVSS 7.5
CVE-2018-11248 CRITICAL
FileDownloader 1.7.3 - Path Traversal via Attachment File Name
CVSS 9.8
CVE-2018-0323 MEDIUM
Cisco Enterprise NFV Infrastructure Software - Authenticated Path Traversal via Web Management Interface
CVSS 6.5
CVE-2018-7503 HIGH
Advantech WebAccess < 8.2_20170817, Dashboard < 2.0.15, Scada Node < 8.3.1, NMS < 2.0.3 - Path Traversal
CVSS 7.5
CVE-2018-7495 HIGH
Advantech WebAccess < 8.3.1 - File Name/Path Vuln
CVSS 7.5
CVE-2018-10589 CRITICAL
Advantech WebAccess < 8.3.1 - Path Traversal
CVSS 9.8