CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,280 vulnerabilities with CWE-22
CVE-2017-16107 HIGH
pooledwebsocket < 0.0.18 (npm < 0.0.19) - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16106 HIGH
tmock - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16105 HIGH
serverwzl - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16104 HIGH
citypredict.whauwiller - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16103 HIGH
serveryztyzt - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16102 HIGH
serverhuwenhui - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16101 HIGH
serverwg - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16097 HIGH
tiny-http - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16096 HIGH
serveryaozeyan - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16095 HIGH
serverliujiayi1 - Path Traversal via URL
CVSS 7.5
CVE-2017-16094 HIGH
iter-http - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16093 HIGH
cyber-js - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16092 HIGH
sencisho - Path Traversal via URL
CVSS 7.5
CVE-2017-16091 HIGH
xtalk >= 0.0.2 - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16090 HIGH
fsk-server - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16089 HIGH
serverlyr - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16085 HIGH
tinyserver2 < 0.6.0 - Path Traversal via URL
CVSS 7.5
CVE-2017-16084 HIGH
list-n-stream < 0.0.10 - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16083 HIGH
node-simple-router < 0.10.0 - Path Traversal via URL
CVSS 7.5
CVE-2017-16039 HIGH
hftp - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16038 HIGH
f2e-server < 1.12.11 - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16037 HIGH
gomeplus-h5-proxy - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-16036 HIGH
badjs-sourcemap-server - Path Traversal via URL Manipulation
CVSS 7.5
CVE-2017-16029 HIGH
hostr < 2.3.5 - Path Traversal via URL Path
CVSS 7.5
CVE-2017-0930 MEDIUM
augustine - Path Traversal via URL Parameter
CVSS 6.5
Details
Vulnerabilities 9,280
Exploit Likelihood High