Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-23

CWE-23

Relative Path Traversal

Parent: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

417 vulnerabilities with CWE-23

CVE-2023-23379 HIGH

Microsoft Defender for IoT < 22.3.6 - Elevation of Privilege via Relative Path Traversal

CVE-2023-0745 MEDIUM

YugabyteDB Anywhere 2.0.0.0-2.13.0.0 - Path Traversal and Arbitrary File Write via Backup Upload Endpoint

CVE-2023-20040 MEDIUM

Cisco Network Services Orchestrator 3.3-5.4.6 - Authenticated Arbitrary File Write and DoS via NETCONF

CVE-2022-42474 MEDIUM

Fortinet Fortiproxy < 1.0.7 - Path Traversal

CVE-2022-42470 HIGH

FortiClient 6.0.0-6.0.10 - Unauthenticated Path Traversal via Named Pipe

CVE-2022-42476 HIGH

FortiProxy 1.1.0-1.1.5 - Privilege Escalation via CLI Request Path Traversal

CVE-2022-3162 MEDIUM

kubernetes <1.22.15 and 1.25.0-1.25.4 - Unauthorized Custom Resource Access via Path Traversal

CVE-2022-41335 HIGH

Fortinet FortiOS <7.2.2 - Path Traversal

CVE-2022-30300 MEDIUM

FortiWeb 6.3.6-6.3.18, 7.0.0-7.0.1 - Authenticated Path Traversal via HTTP GET Request

CVE-2022-30299 MEDIUM

FortiWeb 6.0.0-6.0.7, 6.1-6.3.19, 6.4, 7.0.0-7.0.1 - Authenticated Path Traversal via API

CVE-2022-29844 MEDIUM

Western Digital My Cloud OS 5 - Path Traversal and Arbitrary File Write via FTP Service

CVE-2022-38205 HIGH

Esri Portal for ArcGIS <10.9.1 - Path Traversal

CVE-2022-38202 HIGH

Esri ArcGIS Server <10.9.1 - Path Traversal

CVE-2022-23854 HIGH

AVEVA InTouch Access Anywhere <2020 R2 - Path Traversal

CVE-2022-23531 MEDIUM

GuardDog < 0.1.5 - Arbitrary File Write via Tarfile Extraction Path Traversal

CVE-2022-4123 LOW

Podman - Path Traversal

CVE-2022-42892 MEDIUM

syngo Dynamics < VA40G HF01 - Unauthenticated Directory Listing via Web Service Operation

CVE-2022-39345 CRITICAL

gin-vue-admin < 2.5.4 - Path Traversal and Arbitrary File Write

CVE-2022-22245 MEDIUM

Juniper Networks Junos OS <19.1R3-S9, <19.2 - Path Traversal

CVE-2022-33937 HIGH

Dell GeoDrive 1.0-2.2 - Path Traversal

CVE-2022-2922 MEDIUM

Dnnsoftware Dotnetnuke < 9.11.0 - Path Traversal

CVE-2022-28814 CRITICAL

Carlo Gavazzi UWP3.0 - Path Traversal

CVE-2022-36081 HIGH

wikmd < 1.7.1 - Path Traversal via /list Endpoint

CVE-2022-34378 MEDIUM

Dell PowerScale OneFS 9.0.0-9.1.0.20, 9.2.1.13, 9.3.0.6, 9.4.0.3 - Denial of Service via Relative Path Traversal

CVE-2022-34836 MEDIUM

ABB Zenon < 8.20 - Path Traversal and Log Flooding

Previous Page 13 of 17 Next

Details

Vulnerabilities 417

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy