CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,293 vulnerabilities with CWE-22
CVE-2008-5598
PHPmyGallery 1.51 gold - Path Traversal
CVE-2008-5594
Mini Blog 1.0.1 - Path Traversal via Page and Admin Parameters
CVE-2008-5593
Mini CMS 1.0.1 - Remote File Inclusion via Page and Admin Parameters
CVE-2008-5587
phppgadmin <= 4.2.1 - Path Traversal via _language Parameter
CVE-2008-5579
mini-pub 0.3 - Path Traversal via sFileName Parameter
CVE-2008-5570
PHP Multiple Newsletters <2.7 - Path Traversal
CVE-2008-5418
PunPortal module - Path Traversal via pun_user[language] Parameter
CVE-2008-5315
Apple iPhone Config Web Utility 1.0 - Path Traversal
CVE-2008-5301
Dovecot 1.0.15, 1.1, 1.2 - Path Traversal via ManageSieve Script Name
CVE-2008-5291
fuzzylime_cms 3.03 - Remote File Inclusion via Track.php p Parameter
CVE-2008-5275
net2ftp 0.96-0.97 - Path Traversal and Arbitrary File Write via TAR or ZIP Archive
CVE-2008-5272
SyndeoCMS 2.6.0 - Authenticated Path Traversal via Template Parameter
CVE-2008-5265
TNT Forum 0.9.4 - Remote File Inclusion via Modulo Parameter
CVE-2008-5217
txtCMS 0.3 - Path Traversal via ID Parameter
CVE-2008-5209
Admidio 1.4.8 - Path Traversal via File Parameter in get_file.php
CVE-2008-5207
Jonascms 1.2 - Path Traversal via taal Parameter
CVE-2008-5204
PowerAward 1.1.0 RC1 - Path Traversal
CVE-2008-5201
OTManager CMS 24a - Remote File Inclusion via Conteudo Parameter
CVE-2008-5175
AceFTP Freeware/AceFTP Pro 3.80.3 - Path Traversal
CVE-2008-5171
phpBLASTER CMS 1.0 RC1 - Path Traversal
CVE-2008-5116
Sun Java System Identity Manager 6.0-6.0 SP4, 7.0, 7.1 - Path Traversal via Help Server ext Parameter
CVE-2008-5062
Mini Web Calendar 1.2 - Path Traversal via cal_pdf.php thefile Parameter
CVE-2008-4281
VMware ESX and ESXi < 3.5 - Path Traversal
CVE-2008-4894
Tribiq CMS 5.0.10a and 5.0.12c - Remote File Inclusion via Template Path Parameter
CVE-2008-4913
LokiCMS <= 0.3.3 - Unauthenticated Arbitrary File Deletion via Admin.php Delete Parameter
Details
Vulnerabilities 9,293
Exploit Likelihood High