CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,292 vulnerabilities with CWE-22
CVE-2009-2112
phpfk 7.03 - Path Traversal and Arbitrary File Inclusion via _FORUM[settings_design_style] Parameter
CVE-2009-2110
DB Top Sites 1.0 - Path Traversal via u Parameter
CVE-2009-2109
FretsWeb 1.2 - Path Traversal via Language Parameter or Cookie
CVE-2009-2101
TorrentVolve 1.4 - Path Traversal via DeleteTorrent Parameter
CVE-2009-2100
JoomlaPraise Projectfork <2.0.10 - Path Traversal
CVE-2009-2081
phpWebThings <1.5.2 - Path Traversal
CVE-2009-2037
Online Grades & Attendance <3.2.6 - Path Traversal
CVE-2009-1760
libtorrent < 0.14.4 - Path Traversal via Multiple File Mode List Element in .torrent File
CVE-2009-2015
Joomla! com_moofaq 1.0 - Path Traversal
CVE-2009-2007
Dokeos 1.8.5 - Path Traversal via Lang and Doc_URL Parameters
CVE-2009-1948
Unclassified NewsBoard 1.6.4 - Path Traversal and Arbitrary File Read via GLOBALS Parameter
CVE-2009-1936 CRITICAL
cpCommerce 1.2.0-1.2.8 - Remote File Inclusion and Directory Traversal via GLOBALS[prefix] Parameter
CVSS 9.8
CVE-2009-1912
webSPELL < 4.2.0e - Path Traversal via Language Cookie
CVE-2009-1911
TinyWebGallery <= 1.7.6 - Remote File Inclusion via Lang Parameter
CVE-2009-1847
Easy PX 41 CMS 9.0 B1 - Path Traversal via Fiche Parameter
CVE-2009-1846
SiteX < 0.7.4 - Path Traversal via THEME_FOLDER Parameter
CVE-2009-1779
Frax.dk Php Recommend < 1.3 - Remote File Inclusion via form_include_template Parameter
CVE-2009-1774
Strawberry 1.1.1 - Path Traversal via File Parameter
CVE-2009-1770
Flyspeck CMS 6.8 - Path Traversal via Lang Parameter
CVE-2009-1768
Ramazeiten Ramazaitencms0.9.7.5 - Path Traversal
CVE-2009-1765
pluck 4.6.2 - Path Traversal via langpref Parameter
CVE-2009-1748
Catviz 0.4.0 Beta 1 - Path Traversal via webpages_form or userman_form Parameter
CVE-2009-1161
CiscoWorks Common Services 3.0.x-3.2.x - Path Traversal via TFTP Service
CVE-2009-1744
Pinnacle Studio 12 - Denial of Service via Crafted Hollywood FX Archive
CVE-2009-1743
Pinnacle Studio 12 - Path Traversal and Arbitrary File Write via Hollywood FX Archive Filename
Details
Vulnerabilities 9,292
Exploit Likelihood High