CWE-22
High likelihoodImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,292 vulnerabilities with CWE-22
CVE-2009-3694
ezRecipe-Zee 91 - Path Traversal via cfg[prePath] Parameter
CVE-2009-3693
Persits XUpload - Path Traversal via MakeHttpRequest Method
CVE-2009-3664
Nullam Blog 0.1.2 - Path Traversal via p or s Parameter
CVE-2009-3561
Xerver HTTP Server 4.32 - Path Traversal via chooseDirectory currentPath Parameter
CVE-2009-3542
LittleSite 0.1 - Path Traversal and Arbitrary File Execution via File Parameter
CVE-2009-3538
Clear Content 1.1 - Path Traversal via Thumb.php URL Parameter
CVE-2009-3535
Clear Content 1.1 - Path Traversal via Image.php URL Parameter
CVE-2009-3534
LionWiki 3.0.3 - Path Traversal via Page Parameter
CVE-2009-3515
d.net CMS - Authenticated Path Traversal via Type Parameter
CVE-2009-3508
Fcgphilipp Mujecms - Path Traversal
CVE-2009-3507
CMSphp 0.21 - Path Traversal and Arbitrary File Execution via mod_file Parameter
CVE-2009-3451
RADactive i-load < 2008.2.4.0 - Path Traversal via WebCoreModule.ashx
CVE-2009-3425
MaxCMS 3.11.20b - Path Traversal via thCMS_root Parameter
CVE-2009-3366
An image gallery 1.0 - Path Traversal via Path Parameter
CVE-2009-3318
Roland Breedveld Album (com_album) 1.14 - Path Traversal via Target Parameter
CVE-2009-3284
phpspot PHP BBS and related products - Path Traversal
CVE-2009-3249
vtiger CRM 5.0.4 - Path Traversal and Arbitrary File Execution via Module Parameter
CVE-2009-3219
AR Web Content Manager 2.1 - Remote File Inclusion via 'a' Parameter
CVE-2009-3216
iWiccle 1.01 - Path Traversal via Show or Module Parameter
CVE-2009-3211
VivaPrograms Infinity Script 2.x.x - Path Traversal via options[style_dir] Parameter
CVE-2009-3181
Anantasoft Gazelle CMS 1.0 - Path Traversal and Arbitrary File Write via Customize Template Parameter
CVE-2009-3167
Anantasoft Gazelle CMS 1.0 - Path Traversal via Template Parameter
CVE-2009-3151
Ultrize TimeSheet 1.2.2 - Path Traversal via File Download Parameter
CVE-2009-3149
Elgg 1.5 - Path Traversal via js Parameter
CVE-2009-3124
QuarkMail - Path Traversal via get_message.cgi tf Parameter
Details
Vulnerabilities
9,292
Exploit Likelihood
High