CWE-22
High likelihoodImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,293 vulnerabilities with CWE-22
CVE-2008-4875
Philips Electronics VOIP841 DECT Phone 1.0.4.50 and 1.0.4.80 - Authenticated Path Traversal via GET Request
CVE-2008-4797
kantan_web_server < 1.8 - Path Traversal
CVE-2008-4781
MyKtools 2.4 - Remote File Inclusion via Language Parameter Path Traversal
CVE-2008-4780
MyForum 1.3 - Path Traversal via padmin Parameter
CVE-2008-4773
QuestCMS - Path Traversal via Theme Parameter
CVE-2008-4769
WordPress < 2.3.3 - Path Traversal via Cat Parameter
CVE-2008-4764
com_extplorer < 2.0.0 - Path Traversal via Dir Parameter in Show Error Action
CVE-2008-4759
buzzywall 1.3.1 - Path Traversal via Download ID Parameter
CVE-2008-4758
php-daily - Path Traversal via Download File Parameter
CVE-2008-4741
far-php 1.00 - Path Traversal via Index.php c Parameter
CVE-2008-4740
TinyCMS 1.1.2 - Remote File Inclusion via ZZ_Templater config[template] Parameter
CVE-2008-4739
PlugSpace 0.1 - Path Traversal via Navi Parameter
CVE-2008-4718
X7 Chat < 2.0.1 - Path Traversal and Arbitrary File Execution via Help File Parameter
CVE-2008-4712
LnBlog < 0.9.0 - Path Traversal via Plugin Parameter
CVE-2008-4707
BbZL.PhP 0.92 - Path Traversal via lien_2 Parameter
CVE-2008-4702
phpwebgallery 1.3.4 - Path Traversal via user[language] or user[template] Parameter
CVE-2008-4668
Joomla com_imagebrowser 0.1.5 - Path Traversal via Folder Parameter
CVE-2008-4667
ArabCMS 2.0 beta 1 - Path Traversal via RSS Parameter
CVE-2008-4662
LokiCMS 0.3.4 - Unauthenticated Path Traversal via Language Parameter
CVE-2008-4632
Kure 0.6.3 - Path Traversal via Post and Doc Parameters
CVE-2008-4626
yappa-ng 2.3.2-2.3.3-beta0 - Path Traversal via Album Parameter
CVE-2008-4602
Post Affiliate Pro 2.0 - Authenticated Path Traversal via md Parameter
CVE-2008-4592
Sports Clubs Web Panel 0.0.1 - Path Traversal via Index.php p Parameter
CVE-2008-4397
CA ARCserve Backup r11.1-r12.0 - Remote Command Execution via RPC Interface
CVE-2008-4528
Phlatline Personal Information Manager 1.01 - Path Traversal via Notes.php ID Parameter
Details
Vulnerabilities
9,293
Exploit Likelihood
High