CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,271 vulnerabilities with CWE-22
CVE-2018-1263 MEDIUM
Spring Integration Zip < 1.0.2 - Arbitrary File Write via Path Traversal in Archive Extraction
CVSS 4.7
CVE-2018-0588 HIGH
Ultimatemember User Profile & Membership < 2.0.4 - Path Traversal
CVSS 7.5
CVE-2018-0586 MEDIUM
Ultimatemember User Profile & Membership < 2.0.4 - Path Traversal
CVSS 4.3
CVE-2018-1261 MEDIUM
Spring Integration Zip < 1.0.1 - Arbitrary File Write via Path Traversal in Archive Extraction
CVSS 4.7
CVE-2018-7933 HIGH
Huawei HiRouter-CD20 <1.9.6 & WS5200-10 <1.9.6 - Path Traversal
CVSS 7.8
CVE-2018-1000175 MEDIUM
Jenkins HTML Publisher Plugin <1.15 - Path Traversal
CVSS 6.5
CVE-2018-5448 MEDIUM
Medtronic 2090 CareLink Programmer Firmware - Path Traversal
CVSS 4.8
CVE-2018-8003 MEDIUM
Apache Ambari <2.6.1 - Path Traversal
CVSS 5.3
CVE-2018-0258 CRITICAL
Cisco Prime DCNM & Infrastructure - Path Traversal & Arbitrary File Write via File Upload
CVSS 9.8
CVE-2018-1102 HIGH
Openshift Enterprise 3.x - Privilege Escalation
CVSS 8.8
CVE-2018-10553 MEDIUM
Nagios XI 5.4.13 - Authenticated Path Traversal via xiwindow Parameter
CVSS 6.5
CVE-2018-7669 HIGH
Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above - Path Traversal via Log Viewer File Parameter
CVSS 7.5
CVE-2018-9921 MEDIUM
CMS Made Simple 2.2.7 - Path Traversal via Admin Checksum Endpoint
CVSS 5.3
CVE-2018-10176 MEDIUM
Digital Guardian Management Console <7.1.2.0015 - Path Traversal
CVSS 6.5
CVE-2018-10201 HIGH
NComputing vSpace Pro <11 - Info Disclosure
CVSS 7.5
CVE-2018-1000161 MEDIUM
nmap 6.49BETA6-7.60 - Path Traversal in NSE Script http-fetch
CVSS 5.7
CVE-2018-5337 CRITICAL
Zoho ManageEngine Desktop Central <10.0.184 - Path Traversal
CVSS 9.8
CVE-2018-7539 CRITICAL
Appear TV XC5000 and XC5100 Firmware 3.26.217 - Path Traversal via Maintenance Center HTTP Request
CVSS 9.8
CVE-2018-5430 HIGH KEV
TIBCO JasperReports Server - Info Disclosure
CVSS 8.8
CVE-2018-10122 HIGH
QingDao Nature Easy Soft Chanzhi Enterprise Portal System pro1.6 - Path Traversal via File.php Pathname Parameter
CVSS 7.5
CVE-2018-10083 HIGH
CMS Made Simple < 2.2.7 - Arbitrary File Deletion via Directory Traversal in FilePicker Module
CVSS 7.5
CVE-2018-1079 HIGH
pacemaker_command_line_interface < 0.9.164 - Authenticated Arbitrary File Write via REST /remote/put_file
CVSS 8.7
CVE-2018-9118 HIGH
99 Robots WP Background Takeover Advertisements < 4.1.5 - Path Traversal via Filename Parameter
CVSS 7.5
CVE-2018-9038 MEDIUM
Monstra CMS 3.0.4 - Unauthenticated Arbitrary File Deletion via Files Manager
CVSS 6.5
CVE-2018-9851 HIGH
gxlcms_qy 1.0.0713 - Path Traversal via Admin-Tpl Request
CVSS 7.5