Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-23

CWE-23

Relative Path Traversal

Parent: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

417 vulnerabilities with CWE-23

CVE-2024-8510 MEDIUM

n-able n-central < 2024.6 - Path Traversal to Apache Tomcat WEB-INF Directory

CVE-2024-54449 HIGH

LogicalDOC < 9.1 - Authenticated Arbitrary File Write and Remote Code Execution via Document API

CVE-2024-12019 HIGH

LogicalDOC Community < 9.1 - Authenticated Relative Path Traversal

CVE-2024-56340 MEDIUM

IBM Cognos Analytics 11.2.0-11.2.4 FP5 - Local File Inclusion via Deficon Parameter

CVE-2024-47051 CRITICAL

Mautic < 5.2.3 - Authenticated Remote Code Execution and Path Traversal via Asset Upload

CVE-2024-13791 MEDIUM

Bit Assist < 1.5.2 - Authenticated Path Traversal via downloadResponseFile()

CVE-2024-54462 HIGH

image_picker_android >=0.8.5+6 <0.8.12+18 - Path Traversal via Malicious Document Provider

CVE-2024-54461 HIGH

file_selector_android 0.5.1-0.5.1+11 - Path Traversal via Malicious Document Provider

CVE-2024-52012 MEDIUM

Apache Solr <9.7.0 - Path Traversal

CVE-2024-46664 MEDIUM

Fortinet FortiRecorder 7.0.0-7.2.1 - Authenticated Path Traversal via HTTP Request

CVE-2024-32115 MEDIUM

Fortinet FortiManager <7.4.3 - Path Traversal

CVE-2024-13130 MEDIUM

Dahua IPC-HFW1200S-20241222 - Path Traversal

CVE-2024-12897 MEDIUM

Intelbras VIP S3020 G2-VIP S4320 G2 20241222 - Path Traversal

CVE-2024-12645 MEDIUM

Chunghwa Telecom topm-client >=0.3.14 <0.3.17 - Unauthenticated Arbitrary File Read via Relative Path Traversal

CVE-2024-12642 HIGH

TenderDocTransfer 0.41.151-0.41.157 - Unauthenticated Arbitrary File Write via CSRF and Path Traversal

CVE-2024-49062 MEDIUM

Microsoft SharePoint Server - Information Disclosure via Relative Path Traversal

CVE-2024-12482 MEDIUM

cjbi wetech-cms 1.0/1.1/1.2 - Path Traversal via Database Backup Handler

CVE-2024-54154 HIGH

JetBrains YouTrack <2024.3.51866 - Path Traversal

CVE-2024-11315 CRITICAL

DVC 6.0-6.3 - Unauthenticated Path Traversal and Arbitrary File Write

CVE-2024-11314 CRITICAL

DVC 6.0-<6.4 - Unauthenticated Path Traversal and Arbitrary File Write

CVE-2024-11313 CRITICAL

DVC 6.0-6.3 - Unauthenticated Path Traversal and Arbitrary File Write

CVE-2024-11312 CRITICAL

DVC 6.0-<6.4 - Unauthenticated Path Traversal and Arbitrary File Write

CVE-2024-11311 CRITICAL

DVC 6.0-6.3 - Unauthenticated Path Traversal and Arbitrary File Write

CVE-2024-11310 HIGH

DVC 6.0-6.3 - Unauthenticated Path Traversal

CVE-2024-11309 HIGH

DVC 6.0-6.3 - Unauthenticated Path Traversal

Previous Page 8 of 17 Next

Details

Vulnerabilities 417

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy