CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,275 vulnerabilities with CWE-22
CVE-2017-16859 MEDIUM
Atlassian Crucible and Fisheye < 4.3.2, 4.4.0-4.4.3 - Path Traversal via Review Attachment Command Parameter
CVSS 6.5
CVE-2017-17309 HIGH
Huawei HG255s-10 V100R001C163B025SP02 - Unauthenticated Path Traversal
CVSS 7.5
CVE-2017-5381 HIGH
Firefox < 51.0 - Path Traversal via Certificate Viewer Export Function
CVSS 7.5
CVE-2017-16223 HIGH
nodeaaaaa 1.0.0-1.2.9 - Path Traversal via URL
CVSS 7.5
CVE-2017-16222 MEDIUM
elding - Path Traversal via URL Manipulation
CVSS 5.3
CVE-2017-16221 HIGH
yzt - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16220 HIGH
wind-mvc - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16219 HIGH
yttivy - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16218 HIGH
dgard8.lab6 - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16217 HIGH
fbr-client - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16216 HIGH
tencent-server - Path Traversal via URL
CVSS 7.5
CVE-2017-16215 HIGH
sgqserve - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16214 HIGH
peiserver - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16213 HIGH
mfrserver - Path Traversal via URL
CVSS 7.5
CVE-2017-16212 HIGH
ltt - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16211 HIGH
lessindex - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16210 HIGH
jn_jj_server - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16209 HIGH
enserver - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16208 HIGH
dmmcquay.lab6 - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16201 HIGH
zjjserver - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16200 HIGH
uv-tj-demo - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16199 HIGH
susu-sum - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16198 HIGH
ritp - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16197 HIGH
qinserve - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16196 HIGH
quickserver - Path Traversal via URL Parameter
CVSS 7.5