CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,299 vulnerabilities with CWE-22
CVE-2008-2938
Apache Tomcat 4.1.0-4.1.37, 5.5.0-5.5.26, 6.0.0-6.0.16 - Directory Traversal via Encoded URI Sequences
CVE-2008-3600
Gallery <1.5.7-1.6-alpha3 - Path Traversal
CVE-2008-3589
moziloCMS 1.10.1 - Path Traversal via Download.php Cat Parameter
CVE-2008-3593
SyzygyCMS 0.3 - Remote File Inclusion via Page Parameter Path Traversal
CVE-2008-3562
Chupix CMS 0.1.0 - Path Traversal via Contact Module mods Parameter
CVE-2008-3564
Dayfox Blog 4 - Remote File Inclusion via Path Traversal in p, cat, and archive Parameters
CVE-2008-3568
UNAK-CMS 1.5.5 - Path Traversal via Dirroot Parameter
CVE-2008-3555
WSN Links <= 4.1.44 - Remote File Inclusion via TID Parameter
CVE-2008-3486
Coppermine Photo Gallery <1.4.18 - Path Traversal
CVE-2008-3446
LetterIt 2 - Remote File Inclusion via Language Parameter Path Traversal
CVE-2008-2370
Apache Tomcat 4.1.0-4.1.37, 5.5.0-5.5.26, 6.0.0-6.0.16 - Path Traversal via RequestDispatcher
CVE-2008-3415
CMScout 2.05 - Remote File Inclusion via Directory Traversal in bit Parameter
CVE-2008-3390
Minishowcase Image Gallery <09b136 - Path Traversal
CVE-2008-3405
nzFotolog 0.4.1 - Path Traversal via Action File Parameter
CVE-2008-3384
Interact Learning Community Environment Interact 2.4.1 - Path Traversal via Help Module and File Parameters
CVE-2008-3385
php Help Agent 1.0-1.1 Full - Path Traversal
CVE-2008-3365
Pixelpost 1.7.1 - Remote Code Execution via Language Parameter Path Traversal
CVE-2008-3371
TalkBack < 2.3.6.2 - Remote File Inclusion via Language Parameter
CVE-2008-3363
Dokeos E-Learning System <1.8.5 - Path Traversal
CVE-2008-3333
Mantis < 1.1.2 - Remote File Inclusion via Language Parameter
CVE-2008-3312
Lemon CMS 1.10 - Path Traversal via Dir Parameter
CVE-2008-3296
XOOPS 2.0.18.1 - Path Traversal and Arbitrary File Execution via fct Parameter
CVE-2008-3293
EZWebAlbum - Path Traversal via dlfilename Parameter
CVE-2008-3205
Easy-Script Wysi Wiki Wyg 1.0 - Path Traversal
CVE-2008-3190
1Scripts CodeDB 1.1.1 - Remote File Inclusion via Lang Parameter Path Traversal
Details
Vulnerabilities 9,299
Exploit Likelihood High