Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-23

CWE-23

Relative Path Traversal

Parent: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

417 vulnerabilities with CWE-23

CVE-2021-41242 HIGH

OpenOlat <15.5.12-16.0.5 - Path Traversal

CVE-2021-20040 HIGH

SonicWall SMA 200/210/400/410/500v Firmware - Unauthenticated Path Traversal via Upload Function

CVE-2021-43176 HIGH

GOautodial <3c3a979 - Code Injection

CVE-2021-43555 HIGH

mySCADA myDESIGNER <8.20.0 - Path Traversal

CVE-2021-22870 MEDIUM

GitHub Enterprise Server <3.3 - Path Traversal

CVE-2021-34594 MEDIUM

Beckhoff TF6100 and TS6100 Firmware < 4.3.48.0 - Path Traversal and Arbitrary File Manipulation

CVE-2021-41178 HIGH

Nextcloud <20.0.13, 21.0.5, 22.2.0 - Path Traversal

CVE-2021-41127 HIGH

rasa < 2.8.10 - Path Traversal and Arbitrary File Write via Malicious Model Tarball

CVE-2021-41152 HIGH

OpenOlat < 15.5.8 - Path Traversal via Folder Component File Download

CVE-2021-40870 CRITICAL KEV

Aviatrix Controller <6.5-1804.1922 - Code Injection

CVE-2021-32825 LOW

bblfshd < 2021-08-11 - Path Traversal and Arbitrary File Write via Unsafe Symbolic Link Handling

CVE-2021-22674 MEDIUM

WebAccess/SCADA <8.4.5-9.0.1 - Path Traversal

CVE-2021-32954 MEDIUM

Advantech WebAccess/SCADA <9.0.1 - Path Traversal

CVE-2021-24035 CRITICAL

WhatsApp and WhatsApp Business < 2.21.8.13 - Path Traversal via Archive Extraction

CVE-2021-28798 HIGH

QNAP QTS 4.3.2.0144-4.3.3.1624 and QuTS hero < h4.5.2.1638 - Relative Path Traversal

CVE-2021-29488 MEDIUM

SABnzbd < 3.0.0 - Path Traversal via Malicious PAR2 Files

CVE-2021-29101 HIGH

ArcGIS GeoEvent Server <= 10.8.1 - Unauthenticated Path Traversal

CVE-2021-29100 HIGH

Esri ArcGIS Earth < 1.11.0 - Path Traversal and Arbitrary File Write via Crafted File Upload

CVE-2020-25150 HIGH

B. Braun SpaceCom < L81 & Data Module CompactPlus A10-A11 - Authenticated Path Traversal & Arbitrary File Write

CVE-2020-25176 CRITICAL

Schneider-electric Easergy T300 Firmware < 2.7.1 - Path Traversal

CVE-2020-27304 CRITICAL

CivetWeb 1.8-1.14 - Path Traversal via File Upload Form Handler

CVE-2020-4039 HIGH

fossasia/susi.ai < 2020-05-13 - Path Traversal and Arbitrary File Manipulation

CVE-2020-7861 HIGH

AnySupport <2019.3.21.0 - Path Traversal

CVE-2020-8570 CRITICAL

Kubernetes Java Client <10.0.0 - Path Traversal

CVE-2020-17518 HIGH

Apache Flink <1.11.3-1.12.0 - Path Traversal

Previous Page 15 of 17 Next

Details

Vulnerabilities 417

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy