CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,285 vulnerabilities with CWE-22
CVE-2017-5982 (HIGH, CVSS 7.5): Kodi Chorus2 2.4.2 - Path Traversal via Encoded Dot-Dot-Slash in Image Path
CVE-2017-5946 (CRITICAL, CVSS 9.8): rubyzip < 1.2.1 - Path Traversal via Zip::File Component
CVE-2017-6306 (HIGH, CVSS 7.8): ytnef < 1.9.1 - Path Traversal via SanitizeFilename Function
CVE-2017-5168 (HIGH, CVSS 7.5): Hanwha Techwin Smart Security Manager <1.5 - Path Traversal
CVE-2017-5163 (MEDIUM, CVSS 5.9): Belden Hirschmann GECKO Lite <2.0.00 - Path Traversal
CVE-2017-5143 (HIGH, CVSS 8.6): Honeywell XL Web II controller <XL1000C500 - Path Traversal
CVE-2017-5219 (CRITICAL, CVSS 9.8): SageCRM < 7.3 SP3 - Unauthenticated Path Traversal and Arbitrary File Write via Component Manager Zip Upload
CVE-2017-5182 (HIGH, CVSS 7.5): Open Enterprise Server - Unauthenticated Arbitrary File Read via Remote Manager URL
CVE-2017-5539 (CRITICAL, CVSS 9.1): b2evolution - Path Traversal and Arbitrary File Read via Filter Bypass
CVE-2017-5541 (MEDIUM, CVSS 5.3): Symphony < 2.6.9 - Path Traversal via User Error Template Parameters
CVE-2017-5480 (HIGH, CVSS 8.1): b2evolution < 6.8.3 - Authenticated Path Traversal via fm_selected Array Parameter
CVE-2016-20081 (HIGH, CVSS 7.5): WordPress Plugin HB Audio Gallery Lite 1.0.0 Path Traversal File Download
CVE-2016-20076 (HIGH, CVSS 7.5): WordPress Simple-Backup 2.7.11 Arbitrary File Deletion and Download
CVE-2016-20048 (HIGH, CVSS 8.4): iSelect 1.4.0-2+b1 Local Buffer Overflow via key parameter
CVE-2016-20041 (HIGH, CVSS 8.4): Yasr 0.6.9-5 Buffer Overflow via Command-line Parameter
CVE-2016-20040 (HIGH, CVSS 8.4): TiEmu 3.03-nogdb+dfsg-3 Buffer Overflow via ROM Parameter
CVE-2016-20023 (MEDIUM, CVSS 5.0): CKSource CKFinder <2.5.0.1 - File Download
CVE-2016-15055 (HIGH): JVC IP-Camera VN-T216VPRU < 2016-08-22 - Unauthenticated Path Traversal via checkcgi Endpoint
CVE-2016-15038 (MEDIUM, CVSS 6.5): NUUO NVRmini 2 <3.0.8 - Path Traversal
CVE-2016-15023 (LOW, CVSS 3.5): SiteFusion Application Server <6.6.6 - Path Traversal
CVE-2016-15019 (MEDIUM, CVSS 4.3): jekbox < 2016-02-01 - Path Traversal in lib/server.rb
CVE-2016-15017 (MEDIUM, CVSS 5.5): TYPO3 fabarea media_upload <0.9.0 - Path Traversal
CVE-2016-7063 (CRITICAL, CVSS 9.8): pritunl-client < 1.0.1116.6 - Arbitrary File Write via Path Traversal
CVE-2016-10977 (MEDIUM, CVSS 6.5): Nelio AB Testing < 4.5.0 - Path Traversal via Filename Parameter
CVE-2016-10966 (HIGH, CVSS 7.5): real3d-flipbook-lite 1.0 - Path Traversal and Arbitrary File Write via bookName Parameter