CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,299 vulnerabilities with CWE-22
CVE-2008-2889
AceBIT WISE-FTP 4.1.0 and 5.5.8 - Path Traversal via FTP LIST Command Response
CVE-2008-2894
NCH Software Classic FTP 1.02 - Path Traversal via FTP LIST Command Response
CVE-2008-2895
AproxEngine 5.1.0.4 - Path Traversal via Page Parameter
CVE-2008-2896
FireAnt 1.3 - Remote Code Execution via Page Parameter Path Traversal
CVE-2008-2898
hedgehog-cms 1.21 - Path Traversal and Arbitrary File Execution via c_temp_path Parameter
CVE-2008-2876
munky 0.0.1 - Remote File Inclusion via Zone Parameter Path Traversal
CVE-2008-2863
elinestudio site_composer < 2.6 - Path Traversal via inpCurrFolder Parameter
CVE-2008-2838
traindepot 0.1 - Path Traversal via Module Parameter
CVE-2008-2840
Exero CMS 1.0.0 and 1.0.1 - Path Traversal via Theme Parameter
CVE-2008-2813
WallCity-Server Shoutcast Admin Panel 2.0 - Remote File Inclusion via Page Parameter
CVE-2008-2818
Easy-Clanpage 3.0 b1 - Path Traversal via Section Parameter
CVE-2008-2820
Open Azimyt CMS 0.21-0.22 - Path Traversal via Lang Parameter
CVE-2008-2821
Glub Tech Secure FTP < 2.5.15 - Path Traversal via FTP LIST Response
CVE-2008-2822
3D-FTP Client 8.01 - Path Traversal via LIST or MLSD Command Response
CVE-2008-2795
UltraEdit 14.00b - Path Traversal via FTP/SFTP LIST Command Response
CVE-2008-2665
PHP <= 5.2.6 - Directory Traversal via HTTP URL Canonicalization
CVE-2008-2666
PHP < 5.2.6 - Directory Traversal via http URL Argument to chdir or ftok
CVE-2008-2779
GlobalSCAPE CuteFTP Home/Pro 8.2.0 - Path Traversal via FTP LIST Command
CVE-2008-2782
OtomiGenX 2.2 - Directory Traversal and Arbitrary File Execution via Lang Parameter
CVE-2008-2695
phpinv 0.8.0 - Remote File Inclusion via Action Parameter Path Traversal
CVE-2008-2699
Galatolo WebManager 1.0 - Path Traversal via Plugin or Com Parameter
CVE-2008-2702
ESTsoft ALFTP 4.1 beta 2 and 5.0 - Path Traversal via FTP LIST Response
CVE-2008-2687
ProManager 0.73 - Remote File Inclusion via Language Parameter Path Traversal
CVE-2008-2672
erfurtwiki < r1.02b - Path Traversal via ewiki_id, ewiki_action, or id Parameter
CVE-2008-2650
CMSimple 3.1 - Path Traversal and Arbitrary File Execution via sl Parameter
Details
Vulnerabilities 9,299
Exploit Likelihood High