CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,302 vulnerabilities with CWE-22
CVE-2008-0818
freePHPgallery 0.6 - Path Traversal via Lang Cookie
CVE-2008-0819
PlutoStatus Locator 1.0 pre alpha - Path Traversal via Page Parameter
CVE-2008-0822
Scribe 0.2 - Path Traversal via Page Parameter
CVE-2008-0812
BanPro net_banpro_dms 1.0 - Path Traversal via DMS/index.php Action Parameter
CVE-2008-0813
XPWeb 3.0.1, 3.3.2 - Path Traversal via Download.php url Parameter
CVE-2008-0814
TRUC 0.11.0 - Path Traversal via download.php upload_filename Parameter
CVE-2008-0797
itheora 1.0 rc1 - Path Traversal via URL Parameter
CVE-2008-0798
artmedic weblog 1.0 - Path Traversal via ta or date Parameter
CVE-2008-0790
Intermate WinIPDS 3.3 G52-33-021 - Path Traversal via URI
CVE-2008-0794
Affiliate Market 0.1 BETA - Path Traversal via Language Parameter
CVE-2008-0782
MoinMoin 1.5.8 - Unauthenticated Path Traversal and Arbitrary File Write via MOIN_ID Cookie
CVE-2008-0758
ExtremeZ-IP File and Print Server < 5.1.2 - Path Traversal via Dot Dot Backslash Sequence
CVE-2008-0760
SafeNet Sentinel Protection Server < 7.4.1 and Sentinel Keys Server < 1.0.4.0 - Path Traversal via URI
CVE-2008-0745
DomPHP 0.82 - Path Traversal via Page Parameter
CVE-2008-0742
PowerScripts PowerNews 2.5.6 - Path Traversal via Subpage Parameter
CVE-2008-0703
sflog < 0.96 - Path Traversal via Permalink or Section Parameter
CVE-2008-0418
Mozilla Firefox < 2.0.0.12, Thunderbird < 2.0.0.12, and SeaMonkey < 1.1.8 - Directory Traversal via Chrome URI Scheme
CVE-2008-0654
Azucar CMS 1.3 - Path Traversal via _VIEW Parameter
CVE-2008-0602
All Club CMS < 0.0.1f - Path Traversal and Arbitrary File Execution via class_name Parameter
CVE-2008-0609
DivideConcept VHD Web Pack 2.0 - Remote File Inclusion via Page Parameter Path Traversal
CVE-2008-0612
XOOPS 2.0.18 - Path Traversal via Lang Parameter
CVE-2008-0615
DMSGuestbook 1.7.0-1.8.0 - Authenticated Path Traversal via Folder and File Parameters
CVE-2008-0559
Nilson's Blogger 0.11 - Path Traversal via Permalink or Thispost Parameter
CVE-2008-0542
Gerd Tentler Simple Forum 3.2 - Path Traversal via Thumbnail.php File Parameter
CVE-2008-0545
Bubbling Library 1.32 - Path Traversal via URI or Page Parameter
Details
Vulnerabilities 9,302
Exploit Likelihood High