Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,143 vulnerabilities with CWE-22

CVE-2024-11313 CRITICAL

DVC 6.0-6.3 - Unauthenticated Path Traversal and Arbitrary File Write

CVE-2024-11312 CRITICAL

DVC 6.0-<6.4 - Unauthenticated Path Traversal and Arbitrary File Write

CVE-2024-11311 CRITICAL

DVC 6.0-6.3 - Unauthenticated Path Traversal and Arbitrary File Write

CVE-2024-11310 HIGH

DVC 6.0-6.3 - Unauthenticated Path Traversal

CVE-2024-11309 HIGH

DVC 6.0-6.3 - Unauthenticated Path Traversal

CVE-2024-9935 HIGH

PDF Generator Addon - Path Traversal

CVE-2024-44625 HIGH

Gogs <= 0.13.0 - Path Traversal via editFilePost Function

CVE-2024-50649 CRITICAL

python_book V1.0 - Arbitrary File Upload via User Avatar Upload Function

CVE-2024-50648 CRITICAL

yshopmall V1.0 - Arbitrary File Upload and Remote Code Execution via JSP File Parsing

CVE-2024-41784 HIGH

IBM Sterling Secure Proxy <6.1.0.0 - Path Traversal

CVE-2024-11239 MEDIUM

Landray EKP < 16.0 - Path Traversal via Import API DeleteFile Function

CVE-2024-11238 MEDIUM

Landray EKP < 16.0 - Path Traversal via delPreviewFile directoryPath Parameter

CVE-2024-42499 MEDIUM

FitNesse <20241026 - Path Traversal

CVE-2024-52396 MEDIUM

WOLF - WordPress Posts Bulk Editor and Products Manager Professional < 1.0.8.4 - Path Traversal via CSV Import

CVE-2024-52378 HIGH

Labs64 DigiPass <0.3.0 - Path Traversal

CVE-2024-52371 HIGH

DonnellC Global Gateway e4-2.0 - Path Traversal

CVE-2024-11210 MEDIUM

EyouCMS 1.51 - Path Traversal via FilemanagerLogic.php editFile Function

CVE-2024-50843 MEDIUM

PHPGurukul User Registration & Login and User Management System 3.2 - Directory Listing via /loginsystem/assets

CVE-2024-11215 MEDIUM

EasyPHP Webserver 14.1 - Path Traversal via Consecutive '/...%5c' Strings

CVE-2024-47916 HIGH

Boa web server 0.94.14rc21 - Path Traversal

CVE-2024-45253 HIGH

Avigilon VideoIQ iCVR HD camera - Path Traversal

CVE-2024-2552 MEDIUM

PAN-OS >=10.2.0 <10.2.7 - Authenticated Command Injection via Management Plane

CVE-2024-21799 HIGH

Intel(R) Extension for Transformers <1.5 - Privilege Escalation

CVE-2024-52292 HIGH

Craft CMS 3.5.13-4.12.7 and 5.0.0-alpha.1-5.4.8 - Authenticated Path Traversal via dataUrl Function

CVE-2024-52291 HIGH

Craft CMS 4.0.0-4.12.4 and 5.0.0-RC1-5.4.5 - Authenticated Path Traversal via Double file:// Scheme

Previous Page 93 of 366 Next

Details

Vulnerabilities 9,143

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy