CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,280 vulnerabilities with CWE-22
CVE-2017-16148 HIGH
serve46 - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16147 HIGH
shit-server - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16146 HIGH
mockserve < 2.0.6 - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16145 HIGH
sspa - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16144 HIGH
myserver.alexcthomas18 - Path Traversal
CVSS 7.5
CVE-2017-16143 HIGH
commentapp.stetsonwood - Path Traversal
CVSS 7.5
CVE-2017-16142 HIGH
infraserver - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16141 HIGH
lab6drewfusbyu < 0.1.1 - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16140 HIGH
lab6.brit95 < 0.1.1 - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16139 HIGH
jikes - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16135 HIGH
serverzyy - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16134 HIGH
http_static_simple - Path Traversal
CVSS 7.5
CVE-2017-16133 HIGH
goserv - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16132 HIGH
simple-npm-registry - Path Traversal
CVSS 7.5
CVE-2017-16131 HIGH
unicorn-list < 1.0.4 - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16130 HIGH
exxxxxxxxxxx - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16125 HIGH
rtcmulticonnection-client - Path Traversal
CVSS 7.5
CVE-2017-16124 HIGH
node-server-forfront - Path Traversal
CVSS 7.5
CVE-2017-16123 HIGH
welcomyzt < 1.1.0 - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16122 HIGH
cuciuci - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16121 HIGH
datachannel-client - Path Traversal
CVSS 7.5
CVE-2017-16120 HIGH
liyujing - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16110 HIGH
weather.swlyons - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16109 MEDIUM
easyquick < 0.1.1 - Path Traversal via URL Manipulation
CVSS 5.3
CVE-2017-16108 HIGH
gaoxiaotingtingting - Path Traversal via URL Parameter
CVSS 7.5
Details
Vulnerabilities 9,280
Exploit Likelihood High