CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,144 vulnerabilities with CWE-22
CVE-2024-44015 HIGH
Users Control <1.0.16 - Path Traversal
CVSS 7.5
CVE-2024-44014 CRITICAL
Vmax Project Manager <1.0 - Path Traversal
CVSS 9.6
CVE-2024-44013 HIGH
VR Calendar <2.4.0 - Path Traversal
CVSS 7.5
CVE-2024-44012 HIGH
wpdev33 WP Newsletter Subscription <1.1 - Path Traversal
CVSS 7.5
CVE-2024-44011 HIGH
WP Ticket Ultra <1.0.5 - Path Traversal
CVSS 7.5
CVE-2024-47841 HIGH
The Wikimedia Foundation Mediawiki - CSS Extension <1.42.2-1.41.3-1...
CVSS 7.5
CVE-2024-41511 LOW
CADClick < 1.11.0 - Path Traversal via BinaryFileRedirector.ashx Path Parameter
CVSS 3.9
CVE-2024-47769 HIGH
idurar < 4.1.0 - Unauthenticated Path Traversal via Public Endpoint
CVSS 7.5
CVE-2024-41922 HIGH
Veertu Anka Build 1.42.0 - Unauthenticated Directory Traversal via Log Files Download
CVSS 7.5
CVE-2024-41163 HIGH
Veertu Anka Build 1.42.0 - Unauthenticated Path Traversal via Archive Functionality
CVSS 7.5
CVE-2024-9100 MEDIUM
Zohocorp ManageEngine Analytics Plus <5410 - Path Traversal
CVSS 6.5
CVE-2024-8352 HIGH
Social Web Suite < 4.1.11 - Unauthenticated Path Traversal via download_log Function
CVSS 7.5
CVE-2024-46977 MEDIUM
OpenC3 COSMOS < 5.19.0 - Authenticated Path Traversal via LocalMode open_local_file
CVSS 6.5
CVE-2024-24122 LOW
Wondershare Edraw - Remote Code Execution via Malicious EXP.ADPX File Decompression
CVSS 3.3
CVE-2024-20449 HIGH
Cisco Nexus Dashboard Fabric Controller - RCE
CVSS 8.8
CVE-2024-44030 HIGH
Mestres do WP Checkout Mestres WP <8.6 - Path Traversal
CVSS 7.2
CVE-2024-44017 HIGH
MinHyeong Lim MH Board <1.3.2.1 - Path Traversal
CVSS 7.5
CVE-2024-47071 MEDIUM
OSS Endpoint Manager - Privilege Escalation
CVSS 6.8
CVE-2024-25659 HIGH
Nokia Transcend Network Management System - Path Traversal
CVSS 7.2
CVE-2024-9224 MEDIUM
Hello World < 2.1.1 - Authenticated Arbitrary File Read via hello_world_lyric()
CVSS 6.5
CVE-2024-33369 HIGH
Plasmoapp RPShare Fabric mod 1.0.0 - Remote Code Execution via getFileNameFromConnection Path Traversal
CVSS 8.8
CVE-2024-9301 HIGH
E2Nest < 2024-09-05 - Path Traversal
CVSS 7.5
CVE-2024-7149 HIGH
Eventin < 4.0.8 - Authenticated Local File Inclusion via Style Parameters
CVSS 8.8
CVE-2024-47292 MEDIUM
Huawei EMUI and HarmonyOS - Path Traversal in Bluetooth Module
CVSS 6.2
CVE-2024-47171 MEDIUM
agnai < 1.0.330 - Path Traversal and Arbitrary File Write via Image Upload
CVSS 4.3