CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
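The missing step the description names is neutralization before the path is resolved. The following Python example is added here for illustration; it is not code from the CWE entry or from any product listed below, and its directory layout, file names and payloads are constructed. It places the naive join that produces the weakness beside a resolver that canonicalizes with os.path.realpath and then checks containment against the canonical root, which also handles absolute input and symlinks that point outside the directory, two escapes that a substring check for "../" would miss.

```python
import os
import tempfile

# Added example for CWE-22; constructed here, not taken from the CWE entry or
# from any product in the vulnerability list. Paths and payloads are illustrative.


def resolve_unsafe(base_dir: str, user_path: str) -> str:
    """The CWE-22 pattern: untrusted input is joined onto a fixed base directory
    with no neutralization of '..' components, absolute paths or symlinks, so
    the result may resolve outside base_dir."""
    return os.path.join(base_dir, user_path)


def resolve_safe(base_dir: str, user_path: str) -> str:
    """Canonicalize first, then check containment against the canonical root.

    Returns the canonical absolute path of the requested file, or raises
    ValueError if the request would leave base_dir. Any percent-decoding is
    the caller's job and must happen exactly once before this call; this
    function operates on the bytes the filesystem will actually see, which is
    why no substring check for '../' is used at all.
    """
    root = os.path.realpath(base_dir)
    if "\x00" in user_path:
        raise ValueError("NUL byte in pathname")
    # os.path.join drops base_dir entirely when the second argument is absolute,
    # so reject absolute input before joining.
    if os.path.isabs(user_path):
        raise ValueError("absolute pathname not allowed")
    candidate = os.path.realpath(os.path.join(root, user_path))
    # realpath collapses '.', '..' and follows symlinks. Compare with a
    # separator-terminated prefix so that a sibling such as '<root>2' is not
    # mistaken for a descendant of '<root>'.
    if candidate != root and not candidate.startswith(root + os.sep):
        raise ValueError("pathname escapes restricted directory")
    return candidate


def demo() -> dict:
    """Build a constructed sandbox and run both resolvers over traversal payloads.

    Returns {payload: (unsafe_result_escapes_root, safe_result)} where
    safe_result is 'allowed' or 'rejected'.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "webroot")
        os.makedirs(os.path.join(root, "css"))
        with open(os.path.join(root, "css", "site.css"), "w") as fh:
            fh.write("body {}\n")
        # A file the application must never serve: one level above the web root.
        with open(os.path.join(tmp, "secret.txt"), "w") as fh:
            fh.write("constructed secret\n")
        payloads = ["css/site.css", "../secret.txt", "css/../../secret.txt", "/etc/passwd"]
        try:
            # Symlink inside the root pointing outside it: escapes without any '..'.
            os.symlink(os.path.join(tmp, "secret.txt"), os.path.join(root, "link"))
            payloads.append("link")
        except OSError:
            pass  # symlink creation may be disallowed on some platforms; skip that case

        canonical_root = os.path.realpath(root)
        results = {}
        for payload in payloads:
            unsafe = os.path.realpath(resolve_unsafe(root, payload))
            escapes = not unsafe.startswith(canonical_root + os.sep)
            try:
                resolve_safe(root, payload)
                verdict = "allowed"
            except ValueError:
                verdict = "rejected"
            results[payload] = (escapes, verdict)
        return results


if __name__ == "__main__":
    for payload, (escapes, verdict) in demo().items():
        print(f"{payload!r:28} naive join escapes root: {escapes!s:5}  hardened: {verdict}")
```

The containment check is done on the resolved path rather than on the input string, so it is indifferent to how the traversal was spelled (plain "../", a collapsed "css/../../", an absolute path or a symlink). Encoded forms such as "..%2f" must be decoded exactly once at the HTTP layer before the path reaches this function; decoding a second time reopens the hole for double-encoded input.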

9,275 vulnerabilities with CWE-22 (25 listed below; KEV marks an entry in CISA's Known Exploited Vulnerabilities catalog)
CVE              | Severity | CVSS | Notes | Affected product and issue
CVE-2018-0542    | HIGH     | 7.5  |       | WebProxy 1.7.8 - Path Traversal
CVE-2018-8909    | HIGH     | 7.5  |       | Wire < 2018-03-07 - Path Traversal via Filename with ../ Sequence
CVE-2018-3710    | HIGH     | 7.8  |       | GitLab 8.9.0-9.5.9 - Remote Code Execution via Insecure Temporary File in Project Import
CVE-2018-7422    | HIGH     | 7.5  |       | Site Editor < 1.1.1 - Local File Inclusion via ajax_path Parameter
CVE-2018-8741    | HIGH     | 8.8  |       | SquirrelMail 1.4.22 - Path Traversal
CVE-2018-7706    | MEDIUM   | 6.5  |       | SecurEnvoy SecurMail < 9.2.501 - Path Traversal
CVE-2018-7705    | HIGH     | 8.1  |       | SecurEnvoy SecurMail < 9.2.501 - Path Traversal
CVE-2018-8712    | CRITICAL | 9.8  |       | Webmin 1.840 and 1.880 - Unauthenticated Arbitrary File Read via Log File Viewer
CVE-2018-2366    | MEDIUM   | 4.3  |       | SAP Business Process Automation By Redwood 9.0, 9.1 - Path Traversal
CVE-2018-1000083 | MEDIUM   | 5.3  |       | Ajenti 2 - Path Traversal via Malformed JSON Login Request
CVE-2018-1000079 | MEDIUM   | 5.5  |       | RubyGems < 2.2.9, 2.3.6, 2.4.3, 2.5.0 - Directory Traversal via Malicious Gem Installation
CVE-2018-1323    | HIGH     | 7.5  |       | Apache Tomcat JK Connector 1.2.0-1.2.42 - Path Traversal via IIS/ISAPI Request Path Normalization
CVE-2018-0525    | MEDIUM   | 5.3  |       | Jubatus < 1.0.2 - Path Traversal
CVE-2018-6810    | HIGH     | 7.5  |       | NetScaler ADC and Gateway 10.5, 11.0, 11.1, 12.0 - Path Traversal
CVE-2018-1316    | HIGH     | 7.5  |       | Apache ODE 1.1.1-1.3.2 - Path Traversal and Arbitrary File Write via Process Deployment Web Service
CVE-2018-7654    | MEDIUM   | 6.5  |       | 3CX 15.5.6354.2 - Path Traversal via RecordingList Download API
CVE-2018-7586    | HIGH     | 7.5  |       | NextGEN Gallery < 2.2.46 - Path Traversal
CVE-2018-2380    | MEDIUM   | 6.6  | KEV   | SAP CRM 7.01-7.02, 7.30-7.31, 7.33, 7.54 - Path Traversal
CVE-2018-2367    | HIGH     | 8.8  |       | SAP BASIS 7.00-7.02, 7.10-7.11, 7.30, 7.31, 7.40, 7.50-7.52 - Path Traversal in ABAP File Interface
CVE-2018-7482    | HIGH     | 7.5  |       | Joomlaworks K2 - Path Traversal
CVE-2018-7467    | HIGH     | 7.5  |       | AxxonSoft Next - Path Traversal via Initial /css//..%2f Substring in URI
CVE-2018-7172    | MEDIUM   | 4.9  |       | WonderCMS < 2.4.0 - Unauthenticated Arbitrary File Deletion via Directory Traversal
CVE-2018-7490    | HIGH     | 7.5  |       | uWSGI < 2.0.17 - Path Traversal via --php-docroot Option
CVE-2018-7486    | HIGH     | 7.2  |       | Blueriver Muracms < 7.0.7029 - Path Traversal
CVE-2018-7434    | MEDIUM   | 5.3  |       | zzcms 8.2 - Path Traversal via Direct Request to ErrorCase.class.php or friend.php