CWE-23

Relative Path Traversal

Parent: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

417 vulnerabilities with CWE-23
CVE-2019-13408 HIGH
Advan VD-1 Firmware < 230 - Unauthenticated Path Traversal via ExportSettings.cgi Download Parameter
CVSS 7.5
CVE-2019-11826 HIGH
Synology Moments <1.3.0-0691 - Path Traversal
CVSS 8.0
CVE-2019-11822 MEDIUM
Synology Photo Station <6.8.11-3489, <6.3-2977 - Path Traversal
CVSS 4.3
CVE-2019-3943 HIGH
MikroTik RouterOS < 6.42.12, < 6.43.12, < 6.44beta75 - Authenticated Path Traversal via HTTP or Winbox Interface
CVSS 8.1
CVE-2018-12476 MEDIUM
SUSE Linux Enterprise Server 15, openSUSE Factory - Path Traversal
CVSS 4.3
CVE-2018-13299 MEDIUM
Synology Calendar < 2.2.2-0532 - Authenticated Path Traversal and Arbitrary File Write via Attachment Uploader
CVSS 4.3
CVE-2018-18990 MEDIUM
LCDS Laquis SCADA < 4.1.0.4150 - Path Traversal
CVSS 5.3
CVE-2018-12473 LOW
Open Build Service <70d1aa4cc4 - Path Traversal
CVSS 3.1
CVE-2018-14795 HIGH
Emerson DeltaV 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 - Path Traversal
CVSS 8.8
CVE-2018-10615 HIGH
GE MDS PulseNET <3.2.1 - Path Traversal
CVSS 8.1
CVE-2018-5448 MEDIUM
Medtronic 2090 CareLink Programmer Firmware - Path Traversal
CVSS 4.8
CVE-2017-9664 CRITICAL
ABB SREA-01 <3.31.5 & SREA-50 <3.32.8 - Info Disclosure
CVSS 9.8
CVE-2017-0918 HIGH
Gitlab CE <10.3 - Path Traversal, RCE
CVSS 8.8
CVE-2017-13996 HIGH
LOYTEC LVIS-3ME <6.2.0 - Path Traversal
CVSS 8.8
CVE-2016-20023 MEDIUM
CKSource CKFinder <2.5.0.1 - File Download
CVSS 5.0
CVE-2012-6069 CRITICAL
CODESYS Runtime System - Path Traversal and Arbitrary File Write via File Transfer Functionality
CVSS 10.0
CVE-2012-5972
SpecView < 2.5 Build 853 - Path Traversal via URI