CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,275 vulnerabilities with CWE-22
CVE-2017-20212 MEDIUM
FLIR Thermal Camera F/FC/PT/D <8.0.0.64 - Info Disclosure
CVSS 6.2
CVE-2017-20184 HIGH
Carlo Gavazzi Powersoft <2.1.1.1 - Path Traversal
CVSS 7.5
CVE-2017-20181 MEDIUM
hgzojer Vocable Trainer <1.3.0 - Path Traversal
CVSS 5.3
CVE-2017-20152 LOW
imageserve - Path Traversal in File Handler via filelocation Parameter
CVSS 3.1
CVE-2017-20145 MEDIUM
Tecrail Responsive FileManager <9.10.x - Path Traversal
CVSS 6.3
CVE-2017-20105 MEDIUM
Simplessus 3.7.7 - Path Traversal via Path Parameter
CVSS 5.4
CVE-2017-20102 MEDIUM
Album Lock 4.0 - Path Traversal via getImage filePath Parameter
CVSS 4.4
CVE-2017-15684 HIGH
Crafter CMS Crafter Studio 3.0.1 - Unauthenticated Path Traversal
CVSS 7.5
CVE-2017-15681 CRITICAL
Crafter CMS Crafter Studio 3.0.1 - Unauthenticated Path Traversal and Arbitrary File Write
CVSS 9.8
CVE-2017-18912 CRITICAL
Mattermost Server <3.8.2-3.6.7 - Path Traversal
CVSS 9.8
CVE-2017-18874 MEDIUM
Mattermost Server <4.3.0-4.1.2 - Path Traversal
CVSS 6.5
CVE-2017-18824 LOW
NETGEAR M4300 and M4200 Firmware < 12.0.2.15 - Path Traversal
CVSS 3.3
CVE-2017-18636 HIGH
esafenet CDG < 2017-01-01 - Path Traversal via downloadDocument.jsp pathAndName Parameter
CVSS 7.5
CVE-2017-18585 HIGH
WordPress posts-in-page <1.3.0 - Path Traversal
CVSS 8.1
CVE-2017-18586 CRITICAL
insert-pages < 3.2.4 - Path Traversal via Custom Template Paths
CVSS 9.1
CVE-2017-18448 MEDIUM
cPanel 55.9999.61-64.0.20 - Path Traversal via Serverinfo_manpage API
CVSS 5.3
CVE-2017-9386 MEDIUM
Vera VeraEdge <1.7.19, Veralite <1.7.481 - Path Traversal
CVSS 6.5
CVE-2017-9382 MEDIUM
Vera VeraEdge <1.7.19, Veralite <1.7.481 - Info Disclosure
CVSS 6.5
CVE-2017-18354 HIGH
Rendertron 1.0.0 - Local File Inclusion via File Protocol Handler
CVSS 7.5
CVE-2017-2627 HIGH
OpenStack TripleO Common - Path Traversal and Privilege Escalation via Sudoers Wildcard Misconfiguration
CVSS 8.2
CVE-2017-16744 HIGH
Tridium Niagara AX <3.8 & Niagara 4 <4.4 - Path Traversal
CVSS 7.2
CVE-2017-1749 MEDIUM
IBM UrbanCode Deploy 6.1-6.9.6.0 - Unauthenticated Path Traversal
CVSS 5.3
CVE-2017-16654 HIGH
Symfony <4.0-BETA5 - Path Traversal
CVSS 7.5
CVE-2017-2595 HIGH
Red Hat JBoss EAP 6 & 7 - Authenticated Arbitrary File Read via Path Traversal
CVSS 7.7
CVE-2017-3188 MEDIUM
dotcms < 3.7.1 - Unauthenticated Path Traversal and Arbitrary File Write via Push Publishing Bundle Archive
CVSS 6.5