CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,271 vulnerabilities with CWE-22
CVE-2018-9850
HIGH
gxlcms_qy v1.0.0713 - Unauthenticated Path Traversal and Arbitrary File Deletion via Admin-Data-del id Parameter
CVSS 7.5
CVE-2018-9331
HIGH
zzcms 8.2 - Unauthenticated Arbitrary File Deletion via Directory Traversal in adv.php oldimg Parameter
CVSS 7.5
CVE-2018-1271
MEDIUM
Spring Framework 4.3.0-4.3.14 - Path Traversal via Static Resource Request
CVSS 5.9
CVE-2018-9205
HIGH
Drupal Avatar Uploader 7.x-1.0-beta8 - Unauthenticated Path Traversal
CVSS 7.5
CVE-2018-8780
CRITICAL
Ruby <2.2.10-2.6.0 - Path Traversal
CVSS 9.1
CVE-2018-6914
HIGH
Ruby Directory Traversal via Dir.mktmpdir Prefix Argument
CVSS 7.5
CVE-2018-6660
MEDIUM
McAfee ePolicy Orchestrator 5.3.0-5.3.2 and 5.9.0 - Path Traversal via Windows Alternate Data Streams
CVSS 6.2
CVE-2018-9159
MEDIUM
sparkjava/spark < 2.7.2 - Path Traversal via File URL
CVSS 5.3
CVE-2018-7171
HIGH
Twonky Server 7.0.11-8.5 - Directory Traversal via contentbase Parameter
CVSS 7.5
CVE-2018-3822
CRITICAL
X-Pack Security 6.2.0-6.2.2 - User Impersonation via XML Canonicalization and DOM Traversal
CVSS 9.8
CVE-2018-9117
MEDIUM
WireMock < 2.16.0 - Unauthenticated Path Traversal via XML Request
CVSS 5.3
CVE-2018-9110
CRITICAL
Studio 42 elFinder < 2.1.37 - Path Traversal and Arbitrary File Deletion via zipdl() Function
CVSS 9.1
CVE-2018-9109
CRITICAL
Studio 42 elFinder < 2.1.36 - Path Traversal and Arbitrary File Deletion via zipdl() Function
CVSS 9.1
CVE-2018-1266
HIGH
Cloudfoundry Capi-release < 1.52.0 - Path Traversal
CVSS 8.1
CVE-2018-1204
MEDIUM
Dell EMC Isilon OneFS Path Traversal in isi_phone_home
CVSS 6.7
CVE-2018-9010
HIGH
Intelbras TIP200/TIP200 LITE Firmware 60.0.75.29 - Authenticated Path Traversal via CGI Parameter
CVSS 7.2
CVE-2018-7719
HIGH
Acrolinx Server <5.2.5 - Path Traversal
CVSS 7.5
CVE-2018-8969
HIGH
zzcms 8.2 - Unauthenticated Arbitrary File Deletion via oldimg Parameter
CVSS 7.5
CVE-2018-8968
HIGH
zzcms 8.2 - Unauthenticated Path Traversal and Arbitrary File Deletion via oldimg or oldflv Parameter
CVSS 7.5
CVE-2018-8965
HIGH
zzcms 8.2 - Path Traversal and Arbitrary File Deletion via ppsave.php oldimg Parameter
CVSS 7.5
CVE-2018-1211
HIGH
Dell EMC iDRAC7/iDRAC8 < 2.52.52.52 - Unauthenticated Path Traversal via Web Server URI Parser
CVSS 7.5
CVE-2018-0542
HIGH
WebProxy 1.7.8 - Path Traversal
CVSS 7.5
CVE-2018-8909
HIGH
Wire < 2018-03-07 - Path Traversal via Filename with ../ Sequence
CVSS 7.5
CVE-2018-3710
HIGH
GitLab 8.9.0-9.5.9 - Remote Code Execution via Insecure Temporary File in Project Import
CVSS 7.8
CVE-2018-7422
HIGH
Site Editor < 1.1.1 - Local File Inclusion via ajax_path Parameter
CVSS 7.5
Details
Vulnerabilities: 9,271
Exploit Likelihood: High