CWE-22
High likelihoodImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,290 vulnerabilities with CWE-22
CVE-2010-2045
Dionesoft Com Dioneformwizard - Path Traversal
CVE-2010-2037
Percha Downloads Attach 1.1 - Path Traversal via Controller Parameter
CVE-2010-2036
Percha Fields Attach 1.x - Path Traversal via Controller Parameter
CVE-2010-2035
Percha Gallery 1.6 Beta - Path Traversal via Controller Parameter
CVE-2010-2034
Percha Image Attach 1.1 - Path Traversal via Controller Parameter
CVE-2010-2033
Percha com_perchacategoriestree 0.6 - Path Traversal via Controller Parameter
CVE-2010-2018
Lokomedia CMS 1.4.1 and 2.0 - Path Traversal via downlot.php file Parameter
CVE-2010-2006
LetoDMS < 1.7.2 - Authenticated Path Traversal via Lang Parameter
CVE-2010-1999
OpenMairie Opencatalogue 1.024 - Path Traversal via dsn[phptype] Parameter
CVE-2010-1983
redTWITTER (com_redtwitter) 1.0.x - Path Traversal via View Parameter
CVE-2010-1982
JA Voice (com_javoice) 2.0 - Path Traversal via View Parameter
CVE-2010-1981
Fabrik 2.0 - Path Traversal via Controller Parameter
CVE-2010-1980
com_joomlaflickr 1.0.3 - Local File Inclusion via Controller Parameter
CVE-2010-1979
Affiliate Datafeeds (com_datafeeds) build 880 - Path Traversal via Controller Parameter
CVE-2010-1977
Gohigheris Com Jwhmcs - Path Traversal
CVE-2010-0403
phpGroupWare < 0.9.16.016 - Remote Code Execution via about.php app Parameter
CVE-2010-1948
openMairie Openfoncier 2.00 - Remote File Inclusion via soustab.php dsn[phptype] Parameter
CVE-2010-1947
openMairie Openregistrecil 1.02 - Remote File Inclusion via Directory Traversal in soustab.php
CVE-2010-1957
com_lovefactory 1.3.4 - Path Traversal via Controller Parameter
CVE-2010-1956
Gadget Factory (com_gadgetfactory) 1.0.0 and 1.5.0 - Path Traversal via Controller Parameter
CVE-2010-1955
Deluxe Blog Factory (com_blogfactory) 1.1.2 - Path Traversal via Controller Parameter
CVE-2010-1954
iNetLanka Multiple root (com_multiroot) 1.0 and 1.1 - Path Traversal via Controller Parameter
CVE-2010-1953
iNetLanka Multiple Map (com_multimap) 1.0 - Path Traversal via Controller Parameter
CVE-2010-1952
cmstactics com_beeheard and com_beeheardlite 1.0 - Path Traversal via Controller Parameter
CVE-2010-1951
60cyclecms - Path Traversal via DOCUMENT_ROOT Parameter
Details
Vulnerabilities
9,290
Exploit Likelihood
High