Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-23

CWE-23

Relative Path Traversal

Parent: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

417 vulnerabilities with CWE-23

CVE-2023-42456 LOW

sudo-rs < 0.2.1 - Path Traversal via Username with Special Characters

CVE-2023-4760 HIGH

Eclipse RAP 3.0.0-3.25.0 - Remote Code Execution via FileUpload Path Traversal

CVE-2023-4914 HIGH

cecil < 7.47.1 - Path Traversal

CVE-2023-4897 CRITICAL

mintplex-labs/anything-llm <0.0.1 - Path Traversal

CVE-2023-38185 HIGH

Microsoft Exchange Server - Remote Code Execution

CVE-2023-35359 HIGH

Windows Kernel - Elevation of Privilege via Relative Path Traversal

CVE-2023-34394 HIGH

Keysight Geolocation Server < 2.4.2 - Unauthenticated Arbitrary File Upload and Deletion via Improper Path Validation

CVE-2023-2913 HIGH

Rockwell Automation ThinManager 13.0.0-13.0.1 - Path Traversal via API Feature

CVE-2023-34117 LOW

Zoom Client SDK <5.15.0 - Info Disclosure

CVE-2023-37288 MEDIUM

SmartBPM.NET - Unauthenticated Path Traversal via File Download Function

CVE-2023-33144 MEDIUM

Visual Studio Code < 1.79 - Spoofing via Relative Path Traversal

CVE-2023-27993 MEDIUM

FortiADC 7.2.0 and before 7.1.1 - Authenticated Path Traversal via CLI Commands

CVE-2023-2356 HIGH

mlflow/mlflow <2.3.1 - Path Traversal

CVE-2023-30630 HIGH

dmidecode < 3.5 - Arbitrary File Write via -dump-bin Option

CVE-2023-29189 MEDIUM

SAP CRM (WebClient UI) - Auth Bypass

CVE-2023-20066 MEDIUM

Cisco IOS XE - Authenticated Path Traversal in Web UI

CVE-2023-23391 MEDIUM

Office for Android - Spoofing via Relative Path Traversal

CVE-2023-1112 MEDIUM

Drag and Drop Multiple File Upload Contact Form 7 < 5.0.6.3 - Path Traversal via upload_name Parameter

CVE-2023-0511 CRITICAL

ForgeRock Java Policy Agent < 5.10.1 - Authentication Bypass via Relative Path Traversal

CVE-2023-0339 CRITICAL

ForgeRock Access Management Web Policy Agent < 5.10.1 - Authentication Bypass via Relative Path Traversal

CVE-2023-1045 LOW

MuYuCMS 2.2 - Path Traversal via /admin.php/accessory/filesdel.html filedelur Parameter

CVE-2023-1044 MEDIUM

MuYuCMS 2.2 - Path Traversal via /editor/index.php file_path Parameter

CVE-2023-1043 MEDIUM

MuYuCMS 2.2 - Path Traversal via dir_path Parameter in Editor

CVE-2023-23784 MEDIUM

FortiWeb 6.3.6-6.3.20 and 7.0.0-7.0.2 - Path Traversal via Crafted Web Requests

CVE-2023-23778 MEDIUM

FortiWeb 6.2.3-6.2.6, 6.3, 6.4, 7.0-7.0.1 - Authenticated Path Traversal via Crafted Web Requests

Previous Page 12 of 17 Next

Details

Vulnerabilities 417

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy