CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,280 vulnerabilities with CWE-22
| CVE | Severity | Title | CVSS |
|---|---|---|---|
| CVE-2017-9965 | MEDIUM | Pelco VideoXpert < 2.1 - Unauthenticated Sensitive Information Exposure via Directory Traversal | 5.8 |
| CVE-2017-9964 | MEDIUM | Schneider Electric Pelco VideoXpert < 2.1 - Path Traversal via Communication Sniffing | 6.9 |
| CVE-2017-17992 | CRITICAL | Biometric Shift Employee Management System - Arbitrary File Download via index.php form_file_name Parameter | 9.8 |
| CVE-2017-17927 | MEDIUM | Professional Service Script - Path Traversal via PATH_INFO to service-list/category/ | 5.3 |
| CVE-2017-17924 | MEDIUM | PHP Scripts Mall Professional Service Script - Path Traversal via id Parameter | 5.3 |
| CVE-2017-15309 | HIGH | Huawei iReader < 8.0.2.301 - Path Traversal via Insufficient File Storage Path Validation | 7.1 |
| CVE-2017-10907 | MEDIUM | OneThird CMS Show Off < 1.85 - Path Traversal and Arbitrary File Read | 4.3 |
| CVE-2017-5261 | HIGH | Cambium Networks cnPilot < 4.3.2-R4 - Path Traversal | 8.8 |
| CVE-2017-15532 | MEDIUM | Symantec Messaging Gateway < 10.6.4 - Path Traversal | 5.7 |
| CVE-2017-17739 | CRITICAL | BrightSign 4k242 Firmware < 6.2.63 - Path Traversal and Arbitrary File Write via /storage.html rp Parameter | 9.8 |
| CVE-2017-17715 | HIGH | Telegram Messenger < 2017-12-08 - Path Traversal via MediaController saveFile Method | 8.8 |
| CVE-2017-16788 | HIGH | Meinberg LANTIME < 6.24.004 - Path Traversal | 7.2 |
| CVE-2017-17671 | CRITICAL | vBulletin <= 5.3.x - Unauthenticated Remote Code Execution via Path Traversal | 9.8 |
| CVE-2017-1548 | MEDIUM | IBM Sterling File Gateway 2.2 - Path Traversal via Specially-Crafted URL Request | 5.3 |
| CVE-2017-15895 | MEDIUM | Synology Router Manager < 1.1.5-6542-4 - Path Traversal & Arbitrary File Write | 6.5 |
| CVE-2017-15894 | MEDIUM | Synology DSM < 5.2-5967-6 / 6.0.x < 6.0.3-8754-3 - Authenticated Path Traversal & Arbitrary File Write | 6.5 |
| CVE-2017-15893 | MEDIUM | Synology File Station < 1.1.1-0099 - Path Traversal & Arbitrary File Write | 6.5 |
| CVE-2017-16929 | HIGH | Claymore Dual GPU miner 10.1 - Path Traversal | 8.1 |
| CVE-2017-10861 | CRITICAL | QualitySoft QND Advance/Standard - Path Traversal via Specially Crafted Command | 9.1 |
| CVE-2017-15607 | CRITICAL | Inedo Otter < 1.7.4 - Path Traversal via Filesystem-Based Rafts | 9.8 |
| CVE-2017-14196 | HIGH | Squiz Matrix < 5.3.6.1, < 5.4.1.3 - Info Disclosure | 7.5 |
| CVE-2017-17058 | HIGH | WooCommerce < 3.2.6 - Directory Traversal via Email Template URI | 7.5 |
| CVE-2017-17042 | HIGH | YARD < 0.9.11 - Path Traversal via Relative Path Handling | 7.5 |
| CVE-2017-16959 | MEDIUM | TP-Link TL-WVR/TL-WAR/TL-ER/TL-R - Info Disclosure | 6.5 |
| CVE-2017-16936 | MEDIUM | Tenda AC9, AC15, AC18 Firmware - Unauthenticated Path Traversal via app_data_center | 6.5 |