CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,292 vulnerabilities with CWE-22
CVE-2008-7262
pyftpdlib < 0.3.0 - Authenticated Path Traversal via CWD DELE STOR or RETR Command
CVE-2008-7254
Irmin CMS 0.5 and 0.6 BETA2 - Path Traversal via _Root_Path Parameter
CVE-2008-3685
EMC Documentum App Xtender <5.40 SP1 - Path Traversal
CVE-2008-7240
Linux Web Shop (LWS) php User Base 1.3beta - Path Traversal
CVE-2008-7178
XOOPS Uploader 1.1 - Path Traversal
CVE-2008-7176
Facil CMS 0.1RC - Path Traversal via change_lang or modload Parameter
CVE-2008-7163
SineCMS < 2.3.5 - Path Traversal via sine[config][index_main] Parameter
CVE-2008-7142
cPanel 11.18.3 - Path Traversal via Disk Usage Module showtree Parameter
CVE-2008-7110
Kyocera Mita Scanner File Utility 3.3.0.1 - Path Traversal via Dot-Dot in Request
CVE-2008-7093
Unica Affinium Campaign 7.2.1.0.55 - Path Traversal via New Folder Functionality or CampaignListener
CVE-2008-7090
Pligg CMS < 9.9 - Path Traversal via Trackback URL or Template Parameter
CVE-2008-7084
Velocity Security Management System - Path Traversal via URI
CVE-2008-7064
Quicksilver Forums <= 1.4.2 - Remote Code Execution via Lang Parameter Backslash Bypass
CVE-2008-7055
ezContents 2.0.3 - Remote File Inclusion via Doubled Dot Dot Slash in Link Parameter
CVE-2008-7054
ezContents 2.0.3 - Path Traversal via Multiple Parameters
CVE-2008-6933
MiniGal b13 - Path Traversal via List Parameter
CVE-2008-6926
Fantastico De Luxe Module for cPanel - Path Traversal and Arbitrary File Execution via scriptpath_show Parameter
CVE-2008-6901
2532gigs 1.2.2 - Remote File Inclusion via Language Parameter
CVE-2008-6884
XOOPS 2.3.1 - Path Traversal via xoopsConfig[language] Parameter
CVE-2008-6878
Zen Cart 1.3.8a and earlier - Path Traversal via _SESSION[language] Parameter
CVE-2008-6877
Zen Cart 1.3.8 and 1.3.8a - Path Traversal via Loader File Parameter
CVE-2008-6843
Fantastico De Luxe - Path Traversal via sup3r Parameter
CVE-2008-6842
Pluck 4.6.1 - Path Traversal via Post Parameter
CVE-2008-6834
fuzzylime (cms) 3.01 and 3.01a - Path Traversal via commupdate.php s Parameter or newsheads.php heads Parameter
CVE-2008-6833
fuzzylime_cms - Path Traversal via commsrss.php files Parameter
Details
Vulnerabilities 9,292
Exploit Likelihood High