CWE-23
Relative Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
417 vulnerabilities with CWE-23
CVE-2020-8271
CRITICAL
Citrix SD-WAN Center <11.2.2-10.2.8 - RCE
CVSS 9.8
CVE-2020-25172
CRITICAL
B. Braun OnlineSuite < 3.0 - Unauthenticated Path Traversal and Arbitrary File Upload/Download
CVSS 9.8
CVE-2020-8254
HIGH
Pulse Secure Desktop Client <9.1R9 - RCE
CVSS 8.8
CVE-2020-3597
MEDIUM
Cisco Nexus Data Broker < 3.9(0) - Unauthenticated Path Traversal via Configuration Restore Feature
CVSS 5.4
CVE-2020-1904
MEDIUM
WhatsApp and WhatsApp Business < 2.20.61 - Path Traversal via Crafted Office File Attachments
CVSS 5.5
CVE-2020-7377
HIGH
Metasploit 4.12.40-6.0.3 - Path Traversal and Arbitrary File Write via Telpho10 Credential Dump Module
CVSS 8.1
CVE-2020-7376
HIGH
Metasploit 4.11.7-6.0.3 - Path Traversal and Arbitrary File Write via get_keychains Method
CVSS 7.1
CVE-2020-5410
HIGH
KEV
Spring Cloud Config <2.2.3 & <2.1.9 - Path Traversal
CVSS 7.5
CVE-2020-12026
HIGH
Advantech WebAccess < 8.4.4 and 9.0.0 - Path Traversal and Arbitrary File Write
CVSS 8.8
CVE-2020-12010
HIGH
Advantech WebAccess < 8.4.4 and 9.0.0 - Authenticated Path Traversal via Specially Crafted File
CVSS 7.1
CVE-2020-12006
CRITICAL
Advantech WebAccess < 8.4.4 - Authenticated Path Traversal and Arbitrary File Write
CVSS 9.8
CVE-2020-10631
CRITICAL
WebAccess/NMS <3.0.2 - Path Traversal
CVSS 9.8
CVE-2020-10619
CRITICAL
WebAccess/NMS <3.0.2 - Path Traversal
CVSS 9.1
CVE-2020-7008
HIGH
VISAM VBASE Editor 11.5.0.2 and VBASE Web-Remote Module - Path Traversal via URL Input
CVSS 7.5
CVE-2020-5284
MEDIUM
Next.js < 9.3.2 - Path Traversal in Dist Directory
CVSS 4.4
CVE-2020-5280
HIGH
http4s < 0.18.26 - Path Traversal via URI Normalization Bypass
CVSS 7.6
CVE-2020-8865
MEDIUM
Horde Groupware Webmail Edition 5.2.22 - RCE
CVSS 6.3
CVE-2020-5405
MEDIUM
Spring Cloud Config <2.2.2 & <2.1.7 - Path Traversal
CVSS 6.5
CVE-2020-5237
HIGH
1UP Oneupuploaderbundle < 1.9.3 - Path Traversal
CVSS 8.8
CVE-2019-19287
MEDIUM
Siemens XHQ < 6.1.0.0 - Unauthenticated Path Traversal
CVSS 6.5
CVE-2019-17640
CRITICAL
Eclipse Vert.x 3.4.0-3.9.4 - Path Traversal via StaticHandler on Windows
CVSS 9.8
CVE-2019-18338
HIGH
SINVR 3 Central Control Server < V1.5.0 - Authenticated Path Traversal via XML Communication Protocol
CVSS 7.7
CVE-2019-13944
MEDIUM
Siemens EN100 Ethernet Module - Unauthenticated Path Traversal via Web Server
CVSS 5.3
CVE-2019-3976
HIGH
MikroTik RouterOS < 6.44.5 and < 6.45.6 - Authenticated Directory Traversal via Upgrade Package Name Field
CVSS 8.8
CVE-2019-0074
MEDIUM
Juniper Junos OS - Authenticated Path Traversal in NFX150, QFX10K, EX9200, MX, and PTX Series with NG-RE
CVSS 5.5