CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,303 vulnerabilities with CWE-22
CVE-2007-6567
XZero Community Classifieds <4.95.11 - Path Traversal
CVE-2007-6581
Social Engine 2.0 - Path Traversal via Global Lang Parameter
CVE-2007-6582
mBlog 1.2 - Path Traversal via Page Parameter
CVE-2007-6584
1024 CMS 1.3.1 - Path Traversal via Lang or Theme Parameters
CVE-2007-6552
AuraCMS 2.2 - Authenticated Path Traversal and Arbitrary File Execution via Index.php Act Parameter
CVE-2007-6554
TeamCal Pro <3.1.000 - Path Traversal
CVE-2007-6528
TikiWiki < 1.9.9 - Path Traversal via Movie Parameter
CVE-2007-6508
xeCMS 1.0 - Path Traversal via List Parameter
CVE-2007-6475
GF-3XPLORER 2.4 - Remote File Inclusion via Lang_sel Parameter
CVE-2007-6483
SafeNet Sentinel Protection Server <7.4.0 - Path Traversal
CVE-2007-6453
RaidenHTTPD 2.0.19 - Path Traversal
CVE-2007-6471
phpay 2.02.01 - Path Traversal via Config Parameter
CVE-2007-4709
Mac OS X 10.5.1 - Path Traversal and Arbitrary File Write via Crafted HTTP Response
CVE-2007-6397
Flat PHP Board <1.2 - Path Traversal
CVE-2007-6400
PolDoc CMS 0.96 - Path Traversal via download_file.php filename Parameter
CVE-2007-6404
Sergey Lyubka Simple HTTPD <1.38 - Path Traversal
CVE-2007-6368
ezcontents 1.4.5 - Path Traversal via Link Parameter
CVE-2007-6369
PictPress < 0.91 - Path Traversal via Size or Path Parameter
CVE-2007-6376
Francisco Burzi PHP-Nuke 8.0 - Path Traversal via autohtml.php filename Parameter
CVE-2007-6378
BadBlue < 2.72b - Unauthenticated Path Traversal and Arbitrary File Write via Filename Parameter
CVE-2007-6344
Mcms Easy Web Make <1.3 - Path Traversal
CVE-2007-6322
xml2owl 0.1.1 - Path Traversal via File Parameter
CVE-2007-6323
MMS Gallery PHP 1.0 - Path Traversal
CVE-2007-6331
HPInfoDLL.HPInfo.1 - Path Traversal
CVE-2007-6317
BarracudaDrive Web Server <3.8 - Path Traversal
Details
Vulnerabilities 9,303
Exploit Likelihood High