CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,293 vulnerabilities with CWE-22
CVE-2008-5919
WebSVN < 2.0 - Path Traversal and Arbitrary File Write via RSS Rev Parameter
CVE-2008-5894
Mediatheka 4.2 - Path Traversal via Lang Parameter
CVE-2008-5883
mini-pub < 0.3 - Unauthenticated Path Traversal via sDir Parameter
CVE-2008-5881
playSMS 0.9.3 - Path Traversal via Gateway Module or Themes Module Parameter
CVE-2008-5878
Phpclanwebsite < Fix Pack 5 - Path Traversal
CVE-2008-5867
Yerba SACphp 6.3 - Path Traversal via SID Parameter
CVE-2008-5862
webcamXP <5.3.2.410 - Path Traversal
CVE-2008-5861
FreeLyrics 1.0 - Path Traversal via p Parameter
CVE-2008-5860
Constructr CMS <3.02.5 - Path Traversal
CVE-2008-5856
ClaSS < 0.8.60 - Path Traversal via ftype Parameter
CVE-2008-5819
eDreamers eDNews <2 - Path Traversal
CVE-2008-5818
eDreamers eDContainer <2.22 - Path Traversal
CVE-2008-5794
LoveCMS 1.6.2 Final - Path Traversal
CVE-2008-5787
Arab Portal 2.1 - Path Traversal via mod.php file Parameter
CVE-2008-5776
Aperto Blog 0.1.1 - Path Traversal
CVE-2008-5771
PHP Weather 2.2.2 - Path Traversal
CVE-2008-5752
Page Flip Image Gallery <0.2.2 - Path Traversal
CVE-2008-5748 HIGH
BloofoxCMS 0.3.4 - Path Traversal via Lang Theme or Module Parameter
CVSS 8.1
CVE-2008-5728
AIST NetCat <= 3.12 - Remote File Inclusion via Path Traversal
CVE-2008-5723
CGI RESCUE KanniBBS2000 <1.03 - Path Traversal
CVE-2008-5658
PHP < 5.2.6 - Path Traversal and Arbitrary File Write via ZipArchive::extractTo
CVE-2008-5645
Orb Networks Orb <2.01.0022 - Path Traversal
CVE-2008-5642
CMS Made Simple 1.4.1 - Path Traversal
CVE-2008-5639
TxtBlog 1.0 Alpha - Path Traversal via m Parameter
CVE-2008-5604
My Simple Forum <4.1 - Path Traversal
Details
Vulnerabilities 9,293
Exploit Likelihood High