CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,286 vulnerabilities with CWE-22
CVE-2015-10136 HIGH
GI-Media Library <3.0 - Path Traversal
CVSS 7.5
CVE-2015-10134 HIGH
Simple Backup <2.7.10 - Arbitrary File Download
CVSS 7.5
CVE-2015-5467 CRITICAL
Yii 2.0.0-2.0.4 - Arbitrary Local File Execution via View Parameter Path Traversal
CVSS 9.8
CVE-2015-10105 MEDIUM
IP Blacklist Cloud Plugin <3.42 - Path Traversal
CVSS 6.3
CVE-2015-10043 MEDIUM
abreen Apollo < 2015-01-29 - Path Traversal via File Argument
CVSS 5.5
CVE-2015-10030 MEDIUM
SUKOHI Surpass <1.0.0 - Path Traversal
CVSS 5.5
CVE-2015-10024 MEDIUM
larasync < 2015-01-20 - Path Traversal in File Storage
CVSS 5.5
CVE-2015-2074 HIGH
SAP BusinessObjects Edge 4.0 - Unauthenticated Arbitrary File Write via File Repository Server CORBA Listener
CVSS 7.5
CVE-2015-2073 HIGH
SAP BusinessObjects Edge 4.0 - Unauthenticated Path Traversal via File Repository Server CORBA Listener
CVSS 7.5
CVE-2015-9546 MEDIUM
Android KK(4.4) and later through 2015-06-16 - Path Traversal via Inputmethod HTTP Connection
CVSS 4.8
CVE-2015-8535 HIGH
Lenovo Solution Center <3.3.002 - Path Traversal
CVSS 7.8
CVE-2015-6589 HIGH
Kaseya VSA <=9.1.0.8 - Authenticated Path Traversal & Arbitrary File Write via json.ashx
CVSS 8.8
CVE-2015-3309 HIGH
Etherpad 1.1.2-1.5.4 - Path Traversal via HTTP API Path Parameter
CVSS 7.5
CVE-2015-7851 MEDIUM
NTP 4.2.0-4.2.8 - Authenticated Path Traversal via save_config Function
CVSS 6.5
CVE-2015-6591 MEDIUM
Free Reprintables ArticleFR < 3.0.7 - Path Traversal via LoadJS s Parameter
CVSS 5.5
CVE-2015-5952 CRITICAL
Thomson Reuters for FATCA <5.2 - Path Traversal
CVSS 9.8
CVE-2015-3151 HIGH
Automatic Bug Reporting Tool - Path Traversal via NewProblem, GetInfo, SetElement, or DeleteElement Methods
CVSS 7.8
CVE-2015-2060 MEDIUM
cabextract < 1.6 - Path Traversal via Malformed UTF-8 Character
CVSS 5.3
CVE-2015-9538 MEDIUM
NextGEN Gallery < 2.1.15 - Path Traversal via Path Selection
CVSS 6.5
CVE-2015-1396 HIGH
GNU patch < 2.7.4 - Arbitrary File Write via Symlink Attack in Patch File
CVSS 7.5
CVE-2015-9480 HIGH
RobotCPA 5 for WordPress - Path Traversal via f.php l Parameter
CVSS 7.5
CVE-2015-9473 HIGH
estrutura-basica < 2015-09-13 - Path Traversal via Download Script Arquivo Parameter
CVSS 7.5
CVE-2015-9470 HIGH
ionadas history_collection < 1.1.1 - Path Traversal via download.php var Parameter
CVSS 7.5
CVE-2015-9463 HIGH
s3bubble-amazon-s3-audio-streaming 2.0 - Path Traversal via downloader.php path parameter
CVSS 7.5
CVE-2015-9464 HIGH
s3bubble-amazon-s3-html-5-video-with-adverts 0.7 - Path Traversal via Downloader Path Parameter
CVSS 7.5