CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,292 vulnerabilities with CWE-22
CVE-2009-2379
BIGACE Web CMS 2.6 - Path Traversal
CVE-2009-2338
FreeWebshop.org <2.2.9 R2 - Path Traversal
CVE-2009-2333
CMS Chainuk < 1.2 - Path Traversal and Arbitrary File Execution via Menu Parameter
CVE-2009-2325
Clicknet CMS 2.1 - Path Traversal via Side Parameter
CVE-2009-2265
FCKeditor <2.6.4.1 - Path Traversal
CVE-2009-2313
Jinzora Media Jukebox <2.8 - Path Traversal
CVE-2009-2275
cPanel - Path Traversal via Domain Parameter in Last Visit Stats Page
CVE-2009-2263
Awesome PHP Mega File Manager 1.0 - Path Traversal
CVE-2009-2258
Netgear DG632 <3.4.0_ap - Path Traversal
CVE-2009-2229
Kasseler CMS 1.3.5 lite - Path Traversal
CVE-2009-2224
AN Guestbook 0.7.8 - Path Traversal
CVE-2009-2223
LightOpenCMS 0.1 - Path Traversal via cwd Parameter
CVE-2009-2222
PHP-I-BOARD <= 1.2 - Path Traversal via Directory Traversal Sequences
CVE-2009-2220
Tribiq CMS 5.0.12c - Path Traversal
CVE-2009-2184
Gravy Media Photo Host 1.0.8 - Path Traversal
CVE-2009-2183
Campsite <3.3.0 RC1 - Path Traversal
CVE-2009-2180
Pc4 Uploader <10.0 - Path Traversal
CVE-2009-2177
Fuzzylime CMS <3.03a - Path Traversal
CVE-2009-2176
fuzzylime_cms <= 3.03a - Remote File Inclusion via Directory Traversal
CVE-2009-2166
OCS Inventory NG <1.02.1 (Unix) - Path Traversal
CVE-2009-2161
TorrentTrader Classic 1.09 - Path Traversal
CVE-2009-2151
AdaptWeb 0.9.2 - Path Traversal via Newlang Parameter
CVE-2009-2132
4images < 1.7.7 - Unauthenticated Path Traversal via Global.php l Parameter
CVE-2009-2124
elvinbts 1.2.0 - Path Traversal via Page.php ID Parameter
CVE-2009-2116
SkyBlueCanvas 1.1 r237 - Path Traversal
Details
Vulnerabilities 9,292
Exploit Likelihood High