CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,293 vulnerabilities with CWE-22
CVE-2008-6833
fuzzylime_cms - Path Traversal via commsrss.php files Parameter
CVE-2008-5515
Apache Tomcat <6.0.19 - Path Traversal
CVE-2008-6825
trixbox < 2.6.1 - Remote File Inclusion via langChoice Parameter
CVE-2008-6786
GeekiGeeki < 3.0 - Path Traversal via Pagename Argument
CVE-2008-6735
ThaiQuickCart 3 - Path Traversal via sLanguage Cookie
CVE-2008-6734
Keller Web Admin CMS 0.94 Pro - Path Traversal via Action Parameter
CVE-2008-5518
Apache Geronimo Application Server <2.1.3 - Path Traversal
CVE-2008-6726
CMScout 2.06 - Path Traversal via Bit Parameter
CVE-2008-6668
nweb2fax <= 0.2.7 - Path Traversal via id or var_filename Parameter
CVE-2008-6659
Simple Machines Forum 1.0-1.0.14 and 1.1-1.1.6 - Authenticated Path Traversal via Theme Directory Parameter
CVE-2008-6658
Simple Machines Forum 1.0-1.0.14 and 1.1-1.1.6 - Authenticated Path Traversal via Package Parameter
CVE-2008-6630
wt_gallery < 2.5.0 - Path Traversal
CVE-2008-6610
phpcksec 0.2.0 - Path Traversal via File Parameter
CVE-2008-6604
PicoFlat CMS 0.5.9 - Path Traversal via Pagina Parameter
CVE-2008-6592
LightNEasy - Path Traversal and Arbitrary File Access via thumbsup.php Image Parameter
CVE-2008-6590
LightNEasy 1.2.2 - Path Traversal via Page Parameter
CVE-2008-6551
e-vision CMS <= 2.0.2 - Path Traversal via Adminlang Cookie or Module Parameter
CVE-2008-6522
OpenTerracotta 0.6.1 - Path Traversal via CurrentDirectory or File Parameter
CVE-2008-6516
phpkf-portal 1.10 - Path Traversal via tema_dizin or portal_ayarlarportal_dili Parameter
CVE-2008-6508
Openfire < 3.6.0a - Unauthenticated Path Traversal via Admin Console URI
CVE-2008-6505
Apache Struts 2.0.0-2.0.11 and 2.1.0-2.1.2 - Path Traversal via Encoded Dot-Dot-Slash in URI
CVE-2008-6502
Pro Chat Rooms 3.0.2 - Authenticated Path Traversal and Remote Code Execution via Avatar Parameter
CVE-2008-6453
6rbscript 3.3 - Path Traversal via Name Parameter
CVE-2008-6424
FFFTP 1.96b - Path Traversal via FTP LIST Response
CVE-2008-6423
PassWiki < 0.9.16 - Path Traversal via site_id Parameter
Details
Vulnerabilities 9,293
Exploit Likelihood High