CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,292 vulnerabilities with CWE-22
CVE-2009-4683
Good/Bad Vote <unknown> - Path Traversal
CVE-2009-4679
Joomla! com_if_nexus 1.5 - Path Traversal
CVE-2009-4672
WP-Lytebox 1.3 - Path Traversal via pg Parameter
CVE-2009-4665
CuteSoft Components Cute Editor - Path Traversal
CVE-2009-4645
Accellion Secure File Transfer Appliance <8.0.105 - Path Traversal
CVE-2009-4013 CRITICAL
Lintian 1.23.0-1.23.28, 1.24.0-1.24.2.1, 2.0-2.3.1 - Path Traversal via Control Field Handling
CVSS 9.8
CVE-2009-2902
Apache Tomcat 5.5.0-5.5.28 and 6.0.0-6.0.20 - Path Traversal via WAR Filename
CVE-2009-2693
Apache Tomcat <6.0.20 - Path Traversal
CVE-2009-4000
HP Power Manager <4.2.10 - Path Traversal
CVE-2009-4627
Moa Gallery <1.2.0 - Path Traversal
CVE-2009-4626
phpNagios 1.2.0 - Remote File Inclusion via menu.php conf[lang] Parameter
CVE-2009-4581 CRITICAL
RoseOnlineCMS <3 B1 - Path Traversal
CVSS 9.8
CVE-2009-4512
Oscailt 3.3 - Unauthenticated Local File Inclusion via obj_id Parameter
CVE-2009-4449 MEDIUM
MyBB 1.4.10 - Authenticated Path Traversal via Avatar Gallery Parameter
CVSS 6.5
CVE-2009-4435
F3Site 2009 - Path Traversal via GLOBALS[nlang] Parameter
CVE-2009-4434
IDevSpot iSupport <1.8 - Path Traversal
CVE-2009-4427
phpLDAPadmin <1.1.0.5 - Path Traversal
CVE-2009-4426
Ignition 1.2 - Remote File Inclusion via Blog Parameter
CVE-2009-4421
Simple PHP Blog <0.5.1 - Path Traversal
CVE-2009-4415
phpGroupWare <0.9.16.014 - Path Traversal
CVE-2009-3583
SQL-Ledger 2.8.24 - Path Traversal via Countrycode Field
CVE-2009-4383
Rocomotion P forum <1.28 - Path Traversal
CVE-2009-3702
php-calendar 1.1 - Path Traversal and Arbitrary File Execution via configfile Parameter
CVE-2009-4374
AlienVault OSSIM <2.1.5.4 - Path Traversal
CVE-2009-4261
Ganeti 1.2.4-1.2.8, 2.0.0-2.0.4, < 2.1.0~rc2 - Path Traversal and Arbitrary Program Execution via Iallocator Framework
Details
Vulnerabilities 9,292
Exploit Likelihood High