CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,275 vulnerabilities with CWE-22
CVE-2017-16170 HIGH
liuyaserver - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16169 HIGH
looppake - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16168 HIGH
wffserve - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16167 HIGH
yyooopack - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16166 HIGH
byucslabsix - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16165 HIGH
calmquist.static-server - Path Traversal
CVSS 7.5
CVE-2017-16164 HIGH
desafio - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16163 HIGH
dylmomo - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16162 HIGH
22lixian - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16161 HIGH
shenliru - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16160 HIGH
11xiaoli - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16159 HIGH
caolilinode - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16158 HIGH
dcserver - Path Traversal via URL
CVSS 7.5
CVE-2017-16157 HIGH
censorify.tanisjr - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16156 HIGH
myprolyz - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16155 HIGH
fast-http-cli - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16154 HIGH
earlybird - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16152 HIGH
static-html-server - Path Traversal
CVSS 7.5
CVE-2017-16150 HIGH
wanggoujing123 < 1.3.0 - Path Traversal via URL
CVSS 7.5
CVE-2017-16149 HIGH
zwserver < 0.1.1 - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16148 HIGH
serve46 - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16147 HIGH
shit-server - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16146 HIGH
mockserve < 2.0.6 - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16145 HIGH
sspa - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16144 HIGH
myserver.alexcthomas18 - Path Traversal
CVSS 7.5
Details
Vulnerabilities 9,275
Exploit Likelihood High