CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,303 vulnerabilities with CWE-22
CVE-2007-1126
xt-commerce - Path Traversal via Template Parameter
CVE-2007-1076
phpTrafficA <1.4.1 - Path Traversal
CVE-2007-1042
Xpression News (X-News) 1.0.1 - Path Traversal
CVE-2007-1031
SpoonLabs Vivvo Article Management CMS <3.4 - Path Traversal
CVE-2007-0898
ClamAV < 0.90 - Unauthenticated Path Traversal via MIME Header Parameter
CVE-2007-0893
phpMyVisites < 2.2 - Path Traversal via pmv_ck_view Cookie Parameter
CVE-2007-0700
Gsylvain35 Portail Web - Path Traversal
CVE-2007-0205
@lex Guestbook 4.0.2 - Path Traversal via admin/skins.php Parameters
CVE-2006-7112
Maxdev Mdpro < 1.0.76 - Path Traversal
CVE-2006-7117
Kubix < 0.7 - Path Traversal via Theme Cookie or File Parameter
CVE-2006-7079 CRITICAL
exV2 content_management_system < 2.0.4.3 - Remote Code Execution via $xoopsOption['pagetype'] Variable Manipulation
CVSS 9.8
CVE-2006-6725
phpbuilder < 0.0.2 - Path Traversal via Filename Parameter
CVE-2006-6242
Serendipity <= 1.0.3 - Path Traversal via serendipity[charset] Parameter
CVE-2006-6047
Etomite 0.6.1.2 - Authenticated Path Traversal and Arbitrary File Execution via Manager Index f Parameter
CVE-2006-5981
seleniumserver_ftp_server 1.0 - Path Traversal via DIR LIST NLST GET RETR and PUT STOR Commands
CVE-2006-5897
phpMyChat Plus < 1.9 - Path Traversal via ChatPath or L Parameter
CVE-2006-5487
Marshal MailMarshal SMTP 5.x-6.x and 2006 - Path Traversal and Arbitrary File Write via ARJ Archive Filename
CVE-2006-5846
freewebshop < 2.2.2 - Path Traversal via Page Parameter
CVE-2006-5149
OpenBiblio < 0.5.2 - Path Traversal via Page or Tab Parameter
CVE-2006-5031
CakePHP <1.1.8.3544 - Path Traversal
CVE-2006-4013
Symantec Brightmail AntiSpam < 6.0.4 - Path Traversal & Arbitrary File Write
CVE-2006-3934
Alkacon OpenCms < 6.2.2 - Authenticated Path Traversal via downloadTrigger.jsp filePath Parameter
CVE-2006-3360
phpsysinfo 2.5.1 - Path Traversal via lng Parameter
CVE-2006-2758
jetty 6.0.x beta16 - Path Traversal via Encoded URL
CVE-2006-2516
XOOPS < 2.0.13.2 - Path Traversal and Arbitrary File Include via xoopsConfig Parameter
Details
Vulnerabilities 9,303
Exploit Likelihood High