CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,275 vulnerabilities with CWE-22
CVE-2018-7442 CRITICAL
leptonica < 1.75.3 - Path Traversal and Arbitrary File Write via gplot rootname Argument
CVSS 9.1
CVE-2018-7300 CRITICAL
Homematic CCU2 Firmware < 2.29.22 - Unauthenticated Path Traversal and Arbitrary File Write via User.setLanguage Method
CVSS 9.8
CVE-2018-7296 MEDIUM
Homematic CCU2 Firmware < 2.29.22 - Unauthenticated Arbitrary File Read via User.getLanguage Method
CVSS 5.3
CVE-2018-5716 HIGH
Reprise License Manager 11.0 - Path Traversal
CVSS 8.1
CVE-2018-6356 MEDIUM
Jenkins < 2.107 and LTS < 2.89.4 - Path Traversal via Plugin Resource URL
CVSS 6.5
CVE-2018-7212 MEDIUM
sinatra 2.x < 2.0.1 - Path Traversal via Backslash Characters
CVSS 5.3
CVE-2018-1162 HIGH
Quest NetVault Backup 11.2.0.13 - DoS
CVSS 8.1
CVE-2018-0123 MEDIUM
Cisco IOS and IOS XE - Authenticated Path Traversal via Diagnostic Shell Commands
CVSS 5.5
CVE-2018-1299 HIGH
Apache Allura < 1.8.0 - Unauthenticated Arbitrary File Read via Path Traversal
CVSS 7.5
CVE-2018-6397 HIGH
Picture Calendar 3.1.4 - Path Traversal via List.php Folder Parameter
CVSS 7.5
CVE-2018-5997 CRITICAL
RAVPower Filehub 2.000.056 - Path Traversal and Remote Code Execution via Unrestricted File Upload
CVSS 9.8
CVE-2018-5445 MEDIUM
Advantech WebAccess/SCADA <V8.2_20170817 - Path Traversal
CVSS 5.3
CVE-2018-1048 HIGH
JBoss EAP 7.1.0.GA - Path Traversal and Information Disclosure via AJP Connector
CVSS 7.5
CVE-2018-1047 MEDIUM
JBoss WildFly Application Server 9.x - Path Traversal via ServletResourceManager
CVSS 5.5
CVE-2018-6184 HIGH
ZEIT Next.js <4.2.3 - Path Traversal
CVSS 7.5
CVE-2018-6022 MEDIUM
NoneCMS <= 1.3.0 - Authenticated Path Traversal via param.path Parameter
CVSS 6.5
CVE-2018-5700 HIGH
Winmail Server <= 6.2 - Authenticated Remote Code Execution via Directory Traversal in netdisk.php
CVSS 8.8
CVE-2018-5310 MEDIUM
WordPress Media from FTP <9.85 - Path Traversal
CVSS 6.5
CVE-2018-5283 HIGH
Photos in Wifi <1.0.1 - Path Traversal
CVSS 7.5
CVE-2018-5291 HIGH
GD Rating System <2.3 - Path Traversal
CVSS 7.5
CVE-2018-5290 HIGH
GD Rating System <2.3 - Path Traversal
CVSS 7.5
CVE-2018-5289 HIGH
GD Rating System <2.3 - Path Traversal
CVSS 7.5
CVE-2018-5287 HIGH
GD Rating System <2.3 - Path Traversal
CVSS 7.5
CVE-2017-20250 HIGH
WordPress Plugin Mac Photo Gallery 3.0 Arbitrary File Download
CVSS 7.5
CVE-2017-20248 HIGH
WordPress Plugin Apptha Slider Gallery 1.0 Path Traversal File Download
CVSS 7.5