CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,283 vulnerabilities with CWE-22
CVE-2017-6681 HIGH
Cisco Ultra Services Framework 21.0.0.0 - Unauthenticated Relative Path Traversal and Sensitive File Read
CVSS 7.5
CVE-2017-8841 HIGH
Peplink Balance 305, 380, 580, 710, 1350, 2500 Firmware - Arbitrary File Deletion via upfile.path Parameter
CVSS 8.1
CVE-2017-9428 HIGH
BigTree CMS <4.2.18 - Path Traversal
CVSS 7.5
CVE-2017-9416 MEDIUM
Odoo 8.0, 9.0, 10.0 - Authenticated Path Traversal via tools.file_open
CVSS 6.5
CVE-2017-8314 MEDIUM
Kodi <= 17.1 - Path Traversal and Arbitrary File Write via Zip Extraction
CVSS 5.5
CVE-2017-5966 MEDIUM
Sitecore CRM 8.1 Rev 151207 - Authenticated Path Traversal via Download Endpoint
CVSS 4.9
CVE-2017-6821 CRITICAL
Zimbra Collaboration Suite <8.7.6 - Path Traversal
CVSS 9.8
CVE-2017-6636 MEDIUM
Cisco Prime Collaboration Provisioning < 11.1 - Authenticated Path Traversal via HTTP Request
CVSS 6.5
CVE-2017-9024 HIGH
Secure Bytes SCA 3.0 - Path Traversal
CVSS 7.5
CVE-2017-6652 HIGH
Cisco TelePresence IX5000 Series - Unauthenticated Arbitrary File Read via Directory Traversal
CVSS 7.5
CVE-2017-3980 HIGH
McAfee ePO <5.9.0-5.1.3 - Path Traversal
CVSS 7.2
CVE-2017-9067 HIGH
MODX Revolution <2.5.7 - Path Traversal
CVSS 7.0
CVE-2017-7433 MEDIUM
Micro Focus Vibe <4.0.2 - Path Traversal
CVSS 6.5
CVE-2017-9031 CRITICAL
Deluge < 1.3.15 - Path Traversal in WebUI Render File Request
CVSS 9.8
CVE-2017-9030 HIGH
Codextrous B2J Contact <2.1.13 - Path Traversal
CVSS 7.5
CVE-2017-8921 HIGH
FlightGear <2017.2.1 - Path Traversal
CVSS 7.5
CVE-2017-2163 HIGH
SOY CMS 1.8.1-1.8.12 - Authenticated Path Traversal via shop_id
CVSS 7.5
CVE-2017-8868 HIGH
flatcore-cms 1.4.7 - Path Traversal and Arbitrary File Deletion via delete Parameter
CVSS 7.5
CVE-2017-8853 HIGH
Fiyo CMS 2.0.7 - Path Traversal and Arbitrary File Delete via Backuper Controller
CVSS 7.5
CVE-2017-7929 HIGH
Advantech WebAccess < 8.1 - Path Traversal
CVSS 7.1
CVE-2017-6629 MEDIUM
Cisco Unity Connection 10.5(2) - Unauthenticated Path Traversal via ImageID Parameter
CVSS 5.3
CVE-2017-2150 MEDIUM
Booking Calendar <7.0 - Path Traversal
CVSS 5.3
CVE-2017-2119 HIGH
WBCE CMS <= 1.1.10 - Path Traversal
CVSS 8.6
CVE-2017-2117 MEDIUM
CubeCart < 6.1.5 - Authenticated Path Traversal
CVSS 4.9
CVE-2017-2098 MEDIUM
CubeCart < 6.1.4 - Authenticated Path Traversal
CVSS 6.5