CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,290 vulnerabilities with CWE-22
CVE-2010-1512
aria2 < 1.9.3 - Path Traversal via Metalink File Element
CVE-2010-1000
KDE SC 4.0.0-4.4.3 - Unauthenticated Arbitrary File Write via Metalink File Element
CVE-2010-0999
Free Download Manager < 3.0.852 - Path Traversal
CVE-2010-1936
openMairie openComInterne 1.01 - Path Traversal via dsn[phptype] Parameter
CVE-2010-1935
openMairie Openpresse 1.01 - Path Traversal via dsn[phptype] Parameter
CVE-2010-1928
openMairie openPlanning 1.00 - Remote File Inclusion via soustab.php dsn[phptype] Parameter
CVE-2010-1926
openMairie openCourrier 2.02 and 2.03 beta - Remote File Inclusion via dsn[phptype] Parameter
CVE-2010-1920
openMairie openAnnuaire 2.00 - Remote File Inclusion via dsn[phptype] Parameter
CVE-2010-1878
com_orgchart 1.0.0 - Path Traversal via Controller Parameter
CVE-2010-1875
Real Estate Property (com_properties) 3.1.22-03 - Path Traversal via Controller Parameter
CVE-2010-1858
SMEStorage (com_smestorage) < 1.1 - Path Traversal via Controller Parameter
CVE-2010-1723
iNetLanka Contact Us Draw Root Map (com_drawroot) 1.1 - Path Traversal via Controller Parameter
CVE-2010-1722
com_market 2.x - Path Traversal via Controller Parameter
CVE-2010-1719
com_mtfireeagle 1.2 - Path Traversal via Controller Parameter
CVE-2010-1718
com_archeryscores 1.0.6 - Path Traversal via Controller Parameter
CVE-2010-1717
iF surfALERT 1.2 - Path Traversal via Controller Parameter
CVE-2010-1715
com_onlineexam 1.5.0 - Path Traversal via Controller Parameter
CVE-2010-1714
com_arcadegames 1.0 - Path Traversal via Controller Parameter
CVE-2010-1710
Siestta 2.0 - Path Traversal via Idioma Parameter
CVE-2010-1659
com_ultimateportfolio 1.0 - Path Traversal via Controller Parameter
CVE-2010-1658
Code-Garage NoticeBoard 1.3 - Path Traversal via Controller Parameter
CVE-2010-1657
com_smartsite 1.0.0 - Path Traversal via Controller Parameter
CVE-2010-1653
Graphics (com_graphics) 1.0.6 and 1.5.0 - Path Traversal via Controller Parameter
CVE-2010-1652
HelpCenterLive 2.0.6 and 2.1.7 - Path Traversal via File Parameter
CVE-2010-1607
com_wmi 1.5.0 - Path Traversal via Controller Parameter