CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,275 vulnerabilities with CWE-22
CVE-2017-16195 HIGH
pytservce - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16194 HIGH
picard - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16193 HIGH
mfrs - Path Traversal via URL
CVSS 7.5
CVE-2017-16192 HIGH
getcityapi.yoehoehne - Path Traversal
CVSS 7.5
CVE-2017-16191 HIGH
cypserver - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16190 HIGH
dcdcdcdcdc - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16189 HIGH
sly07 - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16188 HIGH
reecerver - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16187 HIGH
open-device - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16186 HIGH
360class.jansenhm - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16185 HIGH
uekw1511server - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16184 HIGH
scott-blanch-weather-app - Path Traversal
CVSS 7.5
CVE-2017-16183 HIGH
iter-server - Path Traversal via URL
CVSS 7.5
CVE-2017-16182 HIGH
serverxxx - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16181 HIGH
wintiwebdev - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16180 HIGH
serverabc - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16179 MEDIUM
dasafio - Path Traversal via URL Parameter
CVSS 5.3
CVE-2017-16178 HIGH
intsol-package - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16177 HIGH
chatbyvista - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16176 HIGH
jansenstuffpleasework - Path Traversal
CVSS 7.5
CVE-2017-16175 HIGH
ewgaddis.lab6 - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16174 HIGH
whispercast - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16173 HIGH
utahcityfinder - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16172 HIGH
section2.madisonjbrooks12 - Path Traversal
CVSS 7.5
CVE-2017-16171 HIGH
hcbserver - Path Traversal via URL Parameter
CVSS 7.5
Details
Vulnerabilities 9,275
Exploit Likelihood High