CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,299 vulnerabilities with CWE-22
CVE-2008-3192
jsite 1.0 OE - Path Traversal via Module Parameter
CVE-2008-3194
pluck 4.5.1 - Path Traversal via langpref file blogpost or cat Parameter
CVE-2008-3179
Web 2 Business phpDatingClub 3.7 - Path Traversal via Page Parameter
CVE-2008-3163
DodosMail 2.5 - Path Traversal via dodosmail_header_file Parameter
CVE-2008-3164
fuzzylime CMS <3.01 - Path Traversal
CVE-2008-3165
fuzzylime_cms < 3.01 - Path Traversal via RSS p Parameter
CVE-2008-3149
F5 FirePass 1200 6.0.2 hotfix 3 - Denial of Service via SNMP hrSWInstalled OID Branch Walk
CVE-2008-3150
Neutrino Atomic Edition 0.8.4 - Path Traversal
CVE-2008-3128
Pivot 1.40.5 - Path Traversal via Search Parameter
CVE-2008-3087
Kasseler CMS 1.3.0 - Path Traversal via File Parameter
CVE-2008-3071
MyBB < 1.2.12 - Path Traversal via $language Variable
CVE-2008-3031
Simple PHP Agenda <= 2.2.4 - Remote File Inclusion via Page Parameter
CVE-2008-3036
CMS little 0.0.1 - Path Traversal via Template Parameter
CVE-2008-2993
FOG Forum 0.8.1 - Path Traversal and Arbitrary File Execution via fog_lang and fog_skin Parameters
CVE-2008-2961
CMS Mini 0.2.2 - Path Traversal via Path or P Parameter
CVE-2008-2966
JaxUltraBB < 2.0 - Path Traversal via User Parameter
CVE-2008-2969
Academic Web Tools <= 1.4.2.8 - Path Traversal via dfile Parameter
CVE-2008-2974
MM Chat 1.5 - Path Traversal via currentlang Parameter
CVE-2008-2976
TinX/cms 1.1 - Path Traversal via Language or Prefix Parameter
CVE-2008-2978
Ourvideo CMS 9.5 - Path Traversal via RSS Prefix Parameter
CVE-2008-2982
HomePH Design 2.10 RC2 - Path Traversal via Multiple Parameters
CVE-2008-2985
CMReams CMS 1.3.1.1 Beta 2 - Path Traversal via load_language.php page_language Parameter
CVE-2008-2942
Mercurial 1.0.1 - Path Traversal via Patch File
CVE-2008-2913
Devalcms 1.4a - Remote File Inclusion and Path Traversal via func.php currentpath Parameter
CVE-2008-2887
FubarForum 1.5 - Path Traversal via Page Parameter
Details
Vulnerabilities 9,299
Exploit Likelihood High