CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,287 vulnerabilities with CWE-22
CVE-2015-2243
webshop_hun 1.062S - Path Traversal via mappa Parameter
CVE-2015-0933
ShareLaTeX < 0.1.2 - Authenticated Path Traversal via \include Command
CVE-2015-2071
eTouch SamePage Enterprise Edition 4.4.0.0.239 - Authenticated Path Traversal via filepath Parameter
CVE-2015-2067
MAGMI - Path Traversal via File Parameter
CVE-2015-1589
archmage 0.2.4 - Path Traversal and Arbitrary File Write via CHM File
CVE-2015-0878
CREAR AL-Mail32 < 1.13c - Unauthenticated Path Traversal and Arbitrary File Write via Attachment Filename
CVE-2015-1579
Elegant Themes Divi - Path Traversal
CVE-2015-1577
u5CMS < 3.9.3 - Path Traversal and Arbitrary File Write via f Parameter
CVE-2015-1365
Pixabay Images < 2.4 - Path Traversal
CVE-2015-1195
OpenStack Image Registry and Delivery Service - Info Disclosure
CVE-2015-1193
pax 1:20140703 - Path Traversal and Arbitrary File Write via Archive Pathname
CVE-2015-1192
kgb 1.0b4 - Path Traversal and Arbitrary File Write via Crafted Archive
CVE-2015-1191
pigz 2.3.1 - Path Traversal and Arbitrary File Write via Archive Extraction
CVE-2015-0867
SYNCK GRAPHICA Download Log CGI 3.0 - Path Traversal via Crafted Filename
CVE-2015-0516
EMC ViPR SRM < 3.6.1 and Watch4Net < 6.5u1 - Authenticated Path Traversal
CVE-2015-0552
gcab 0.4 - Path Traversal and Arbitrary File Write via CAB File Path
CVE-2015-0016 HIGH KEV
Windows TS WebProxy - Directory Traversal Elevation of Privilege via Crafted Executable Pathname
CVSS 7.8
CVE-2014-125125 HIGH
A10 Networks AX Loadbalancer < 2.7.0 - Path Traversal
CVE-2014-125080 MEDIUM
faplanet < 2014-05-21 - Path Traversal
CVSS 5.5
CVE-2014-125069 MEDIUM
saxman maps-js-icoads - Info Disclosure
CVSS 4.3
CVE-2014-125068 MEDIUM
maps-js-icoads < 09-02-2014 - Path Traversal in http-server.js
CVSS 5.5
CVE-2014-125033 LOW
rails-cv-app < 2014-11-16 - Path Traversal via Uploaded Files Controller
CVSS 3.5
CVE-2014-8939 MEDIUM
Lexiglot < 2014-11-20 - Info Disclosure
CVSS 5.3
CVE-2014-7174 MEDIUM
FarLinX X25 Gateway - Path Traversal
CVSS 5.3
CVE-2014-4650 CRITICAL
Python 2.7.5 and 3.3.4 - Path Traversal via URL-Encoded Path Separators
CVSS 9.8