CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
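The description above states the defect abstractly: input is glued onto a base directory and the "special elements" (`..` segments, absolute paths, NUL bytes, symlinks) are never neutralized. The following is an added example, not code from CWE or from any project listed on this page; it shows the naive join next to a hardened version that canonicalizes first and then tests containment, so that every escape route on the list below (`../` sequences, an absolute path replacing the base, a NUL byte truncating the name, a symlink pointing outside the directory) fails the same check. The function names `unsafe_join`, `safe_join`, `is_rejected` and `demo`, and the temporary directory layout, are assumptions made for illustration.

```python
import os
import tempfile


def unsafe_join(base_dir: str, user_path: str) -> str:
    """The pattern CWE-22 describes: attacker-controlled input glued onto a base
    directory with nothing neutralized. '../' segments climb out of base_dir, and
    an absolute user_path makes os.path.join discard base_dir entirely."""
    return os.path.join(base_dir, user_path)


def safe_join(base_dir: str, user_path: str) -> str:
    """Resolve user_path beneath base_dir, or raise ValueError.

    The check is made on the fully canonicalized path rather than by searching
    the input for '../', so odd encodings, redundant separators and symlinks that
    point outside the directory are all caught by one comparison.
    """
    # 1. NUL bytes: a C-level open() stops at the first NUL, so "a.txt\x00.png"
    #    passes an extension check and still opens a.txt.
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    # 2. An absolute input would replace base_dir inside os.path.join; refuse it.
    if os.path.isabs(user_path):
        raise ValueError("absolute path not allowed")
    # 3. Canonicalize both sides: collapses '.', '..' and resolves symlinks.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    # 4. Containment test on the canonical form. commonpath compares whole
    #    components, so a base of '/srv/uploads' does not match '/srv/uploads2'.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes {base_dir}: {user_path!r}")
    return candidate


def is_rejected(base_dir: str, user_path: str) -> bool:
    """True if safe_join refuses user_path."""
    try:
        safe_join(base_dir, user_path)
    except ValueError:
        return True
    return False


def demo() -> dict:
    """Build a throwaway tree (constructed for this example) and exercise both
    joins. Layout: <tmp>/secret.txt outside the served directory,
    <tmp>/uploads/report.txt inside it, and <tmp>/uploads/link -> <tmp>/secret.txt."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        tmp = os.path.realpath(tmp)
        base = os.path.join(tmp, "uploads")
        os.makedirs(base)
        secret = os.path.join(tmp, "secret.txt")
        with open(secret, "w") as fh:
            fh.write("not for download\n")
        with open(os.path.join(base, "report.txt"), "w") as fh:
            fh.write("public\n")
        os.symlink(secret, os.path.join(base, "link"))

        # Classic traversal: the naive join reaches the secret, the safe one refuses.
        results["unsafe_reaches_secret"] = os.path.exists(unsafe_join(base, "../secret.txt"))
        results["safe_rejects_dotdot"] = is_rejected(base, "../secret.txt")
        # Absolute path, NUL truncation, and a symlink that escapes the directory.
        results["safe_rejects_absolute"] = is_rejected(base, secret)
        results["safe_rejects_nul"] = is_rejected(base, "report.txt\x00.png")
        results["safe_rejects_symlink"] = is_rejected(base, "link")
        # A legitimate name containing harmless './' and '..' that stays inside
        # base still resolves to the file.
        results["safe_allows_inside"] = (
            safe_join(base, "./sub/../report.txt") == os.path.join(base, "report.txt")
        )
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Two caveats a reviewer should keep in mind. The containment test runs on the resolved path at check time, so a symlink created between the check and the open still wins the race; on Linux, opening with `O_NOFOLLOW` or `openat2()` with `RESOLVE_BENEATH` closes that window. And platform-specific name syntax that `realpath` does not understand, such as the Windows alternate data stream used in the McAfee ePolicy Orchestrator entry below, needs its own handling in addition to this check.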

9,271 vulnerabilities are mapped to CWE-22; a selection:
CVE-2018-9850 (HIGH, CVSS 7.5): gxlcms_qy v1.0.0713 - Unauthenticated Path Traversal and Arbitrary File Deletion via Admin-Data-del id Parameter
CVE-2018-9331 (HIGH, CVSS 7.5): zzcms 8.2 - Unauthenticated Arbitrary File Deletion via Directory Traversal in adv.php oldimg Parameter
CVE-2018-1271 (MEDIUM, CVSS 5.9): Spring Framework 4.3.0-4.3.14 - Path Traversal via Static Resource Request
CVE-2018-9205 (HIGH, CVSS 7.5): Drupal Avatar Uploader 7.x-1.0-beta8 - Unauthenticated Path Traversal
CVE-2018-8780 (CRITICAL, CVSS 9.1): Ruby <2.2.10-2.6.0 - Path Traversal
CVE-2018-6914 (HIGH, CVSS 7.5): Ruby - Directory Traversal via Dir.mktmpdir Prefix Argument
CVE-2018-6660 (MEDIUM, CVSS 6.2): McAfee ePolicy Orchestrator 5.3.0-5.3.2 and 5.9.0 - Path Traversal via Windows Alternate Data Streams
CVE-2018-9159 (MEDIUM, CVSS 5.3): sparkjava/spark < 2.7.2 - Path Traversal via File URL
CVE-2018-7171 (HIGH, CVSS 7.5): Twonky Server 7.0.11-8.5 - Directory Traversal via contentbase Parameter
CVE-2018-3822 (CRITICAL, CVSS 9.8): X-Pack Security 6.2.0-6.2.2 - User Impersonation via XML Canonicalization and DOM Traversal
CVE-2018-9117 (MEDIUM, CVSS 5.3): WireMock < 2.16.0 - Unauthenticated Path Traversal via XML Request
CVE-2018-9110 (CRITICAL, CVSS 9.1): Studio 42 elFinder < 2.1.37 - Path Traversal and Arbitrary File Deletion via zipdl() Function
CVE-2018-9109 (CRITICAL, CVSS 9.1): Studio 42 elFinder < 2.1.36 - Path Traversal and Arbitrary File Deletion via zipdl() Function
CVE-2018-1266 (HIGH, CVSS 8.1): Cloudfoundry Capi-release < 1.52.0 - Path Traversal
CVE-2018-1204 (MEDIUM, CVSS 6.7): Dell EMC Isilon OneFS - Path Traversal in isi_phone_home
CVE-2018-9010 (HIGH, CVSS 7.2): Intelbras TIP200/TIP200 LITE Firmware 60.0.75.29 - Authenticated Path Traversal via CGI Parameter
CVE-2018-7719 (HIGH, CVSS 7.5): Acrolinx Server <5.2.5 - Path Traversal
CVE-2018-8969 (HIGH, CVSS 7.5): zzcms 8.2 - Unauthenticated Arbitrary File Deletion via oldimg Parameter
CVE-2018-8968 (HIGH, CVSS 7.5): zzcms 8.2 - Unauthenticated Path Traversal and Arbitrary File Deletion via oldimg or oldflv Parameter
CVE-2018-8965 (HIGH, CVSS 7.5): zzcms 8.2 - Path Traversal and Arbitrary File Deletion via ppsave.php oldimg Parameter
CVE-2018-1211 (HIGH, CVSS 7.5): Dell EMC iDRAC7/iDRAC8 < 2.52.52.52 - Unauthenticated Path Traversal via Web Server URI Parser
CVE-2018-0542 (HIGH, CVSS 7.5): WebProxy 1.7.8 - Path Traversal
CVE-2018-8909 (HIGH, CVSS 7.5): Wire < 2018-03-07 - Path Traversal via Filename with ../ Sequence
CVE-2018-3710 (HIGH, CVSS 7.8): GitLab 8.9.0-9.5.9 - Remote Code Execution via Insecure Temporary File in Project Import
CVE-2018-7422 (HIGH, CVSS 7.5): Site Editor < 1.1.1 - Local File Inclusion via ajax_path Parameter