CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,142 vulnerabilities with CWE-22
CVE-2024-10902 CRITICAL
db-gpt v0.6.0 - Unauthenticated Arbitrary File Upload and Path Traversal via Agent Upload API
CVSS 9.8
CVE-2024-10830 HIGH
db-gpt 0.6.0 - Path Traversal and Arbitrary File Deletion via File Key Parameter
CVSS 8.2
CVE-2024-10707 MEDIUM
gaizhenbiao/chuanhuchatgpt - Unauthenticated Path Traversal via gr.JSON Component
CVSS 6.5
CVE-2024-10513 HIGH
AnythingLLM < 1.2.2 - Authenticated Path Traversal and Arbitrary File Manipulation via Document Uploads Manager
CVSS 7.2
CVE-2024-10361 CRITICAL
librechat v0.7.5-rc2 - Arbitrary File Deletion via Path Traversal in /api/files Endpoint
CVSS 9.1
CVE-2024-7631 MEDIUM
OpenShift Console - Authenticated Path Traversal via Locales Endpoint Parameters
CVSS 4.3
CVE-2024-57170 MEDIUM
SOPlanning 1.53.00 - Authenticated Path Traversal and Arbitrary File Deletion via fichier_to_delete Parameter
CVSS 6.5
CVE-2024-8510 MEDIUM
n-able n-central < 2024.6 - Path Traversal to Apache Tomcat WEB-INF Directory
CVSS 5.3
CVE-2024-30143 MEDIUM
HCL AppScan Traffic Recorder - Path Traversal
CVSS 4.3
CVE-2024-55597 MEDIUM
FortiWeb 7.0.0-7.6.0 - Path Traversal via Crafted Requests
CVSS 5.5
CVE-2024-12035 HIGH
CS Framework plugin for WordPress <6.9 - Privilege Escalation
CVSS 8.8
CVE-2024-10804 HIGH
The Ultimate Video Player WordPress & WooCommerce Plugin <10.0 - Pa...
CVSS 7.5
CVE-2024-13894 MEDIUM
Smartwares cameras <3.3.0 - Path Traversal
CVE-2024-13897 MEDIUM
Moving Media Library <1.22 - Privilege Escalation
CVSS 6.5
CVE-2024-13471 HIGH
DesignThemes Core Features <4.7 - Info Disclosure
CVSS 7.5
CVE-2024-51966 MEDIUM
ESRI ArcGIS Server <11.3 - Path Traversal
CVSS 4.9
CVE-2024-51958 MEDIUM
ESRI ArcGIS Server <=11.3 - Path Traversal
CVSS 4.9
CVE-2024-8262 CRITICAL
Proliz Software OBS <24.0927 - Path Traversal
CVSS 9.8
CVE-2024-13910 HIGH
Database Backup and check Tables Automated With Scheduler 2024 <2.3...
CVSS 7.2
CVE-2024-38292 CRITICAL
Extreme Networks XIQ-SE <24.2.11 - Path Traversal
CVSS 9.8
CVE-2024-54169 MEDIUM
IBM EntireX 11.1 - Authenticated Path Traversal via Dot Dot Sequences
CVSS 6.5
CVE-2024-55457 MEDIUM
MasterSAM Star Gate 11 - Path Traversal
CVSS 6.5
CVE-2024-49780 MEDIUM
IBM OpenPages <9.0 - Path Traversal
CVSS 5.3
CVE-2024-13725 CRITICAL
Keap Official Opt-in Forms <= 2.0.1 - Unauthenticated Local File Inclusion via Service Parameter
CVSS 9.8
CVE-2024-13538 MEDIUM
BigBuy Dropshipping Connector for WooCommerce <= 2.0.0 - Unauthenticated Full Path Disclosure via generate-default.php
CVSS 5.3
Details
Vulnerabilities 9,142
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits