CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,293 vulnerabilities with CWE-22
CVE-2008-4526
CCMS 3.1 - Path Traversal via Skin Parameter
CVE-2008-4522
JMweb MP3 Music Audio Search and Download Script - Path Traversal via src Parameter
CVE-2008-4519
Fastpublish CMS 1.9999 d - Path Traversal via Target Parameter
CVE-2008-4501
Serv-U File Server 7.0.0.1-7.3 - Authenticated Path Traversal via RNTO Command
CVE-2008-4499
PHP Web Explorer Lite < 0.99b - Path Traversal via Refer or File Parameter
CVE-2008-4490
phpabook < 0.8.8b - Remote File Inclusion via UserInfo Cookie
CVE-2008-4489
Atarone CMS 1.2.0 - Path Traversal via Theme Chosen Parameter
CVE-2008-4486
Yerba < 6.3 - Remote Code Execution via Path Traversal in mod Parameter
CVE-2008-4483
Crux Gallery < 1.32 - Remote File Inclusion via Theme Parameter
CVE-2008-4471
Autodesk Design Review and DWF Viewer - Path Traversal and Arbitrary File Write via SaveAS Method
CVE-2008-4421
MetaGauge < 1.0.3.38 - Path Traversal via Dot Dot Backslash in URL
CVE-2008-4455
MySQL Quick Admin 1.5.5 - Path Traversal via Language Cookie
CVE-2008-4454
MySQL Quick Admin 1.5.5 - Path Traversal via Lang Parameter
CVE-2008-4437
Bugzilla < 2.22.5 and 3.x < 3.0.5 - Path Traversal via XML Import Data Element
CVE-2008-4425
Phlatline Personal Information Manager 1.0 - Path Traversal & Arbitrary File Deletion via Upload.php
CVE-2008-2439
Trend Micro OfficeScan and Worry-Free Business Security - Directory Traversal via HTTP Request
CVE-2008-4361
PowerPortal 2.0.13 - Path Traversal via Path Parameter
CVE-2008-4351
phpSmartCom 0.2 - Path Traversal via Index.php p Parameter
CVE-2008-4346
TalkBack 2.3.6 and 2.3.6.4 - Path Traversal via Language Parameter
CVE-2008-4331
phpocs < 0.1 - Path Traversal via Act Parameter
CVE-2008-4330
LanSuite 3.3.2 - Remote File Inclusion via Design Parameter Path Traversal
CVE-2008-4243
Unreal Tournament 3 WebAdmin < 1.7 - Unauthenticated Path Traversal via ImageServer URI
CVE-2008-4068
Mozilla Firefox < 2.0.0.17 and 3.x < 3.0.2 - Directory Traversal via Resource URI
CVE-2008-4067
Firefox < 2.0.0.17 and 3.x < 3.0.2 - Directory Traversal via Resource URI
CVE-2008-4151
CYASK 3.x - Path Traversal via Neturl Parameter
Details
Vulnerabilities 9,293
Exploit Likelihood High