CWE-24

Path Traversal: '../filedir'

Parent: CWE-23 - Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.

110 vulnerabilities with CWE-24
CVE-2025-56760 MEDIUM
memos 0.22 - Path Traversal and Arbitrary File Write via CreateResource Endpoint
CVSS 4.3
CVE-2025-46094 LOW
LiquidFiles < 4.1.2 - Authenticated Path Traversal via Actionscript Configuration
CVSS 3.8
CVE-2025-44962 MEDIUM
RUCKUS SmartZone < 6.1.2 - Path Traversal via Directory Traversal Sequences
CVSS 5.0
CVE-2025-54769 HIGH
lpar2rrd < 8.04 - Authenticated Directory Traversal and Remote Code Execution via File Upload
CVSS 8.8
CVE-2025-45582 MEDIUM
GNU Tar < 1.35 - Path Traversal and Arbitrary File Overwrite via Symlink and Relative Pathname
CVSS 4.1
CVE-2025-53513 HIGH
Juju < 2.9.52 - Path Traversal via Malicious Charm Upload
CVSS 8.8
CVE-2025-48050 HIGH
DOMPurify < 6bc6d60 - Path Traversal
CVSS 7.5
CVE-2025-47423 MEDIUM
Personal Weather Station Dashboard 12_lts - Path Traversal
CVSS 5.8
CVE-2025-27920 HIGH KEV
Output Messenger < 2.0.63 - Path Traversal via File Path Parameter
CVSS 7.2
CVE-2025-46646 MEDIUM
Artifex Ghostscript < 10.05.0 - Info Disclosure
CVSS 4.5
CVE-2025-43928 MEDIUM
Infodraw Media Relay Service 7.1.0.0 - Unauthenticated Path Traversal via Username Field
CVSS 5.8
CVE-2025-43919 MEDIUM
GNU Mailman 2.1.1-2.1.38 - Unauthenticated Path Traversal via Username Parameter
CVSS 5.8
CVE-2025-32807 MEDIUM
FusionDirectory < 1.5 - Path Traversal
CVSS 5.3
CVE-2025-2961 MEDIUM
opensolon < 3.1.0 - Path Traversal via Template Argument in RenderManager
CVSS 4.3
CVE-2025-30343 LOW
OpenSlides < 4.2.5 - Path Traversal via ZIP Archive Extraction
CVSS 3.0
CVE-2025-1599 MEDIUM
Best Church Management Software 1.0 - Path Traversal via old_cat_img Parameter
CVSS 5.4
CVE-2025-1588 MEDIUM
PHPGurukul Online Nurse Hiring System 1.0 - Path Traversal via Profile Picture Upload
CVSS 6.5
CVE-2025-1584 MEDIUM
Solon < 3.0.9 - Path Traversal via StaticMappings
CVSS 4.3
CVE-2025-1086 MEDIUM
Safetytest Cloud-Master Server < 1.1.1 - Path Traversal
CVSS 5.3
CVE-2025-0390 MEDIUM
Guangzhou Huayi Intelligent Technology Jeewms < 2025-01-01 - Path Traversal via /wmOmNoticeHController.do
CVSS 5.3
CVE-2024-43035 MEDIUM
Fonoster 0.5.5-0.6.1 - Path Traversal via VoiceServer Endpoint
CVSS 5.8
CVE-2024-53636 MEDIUM
Serosoft Academia Student Information System EagleR-1.0.118 - Arbitrary File Upload via writefile.php filePath Parameter
CVSS 6.4
CVE-2024-13130 MEDIUM
Dahua IPC-HFW1200S-20241222 - Path Traversal
CVSS 4.3
CVE-2024-12897 MEDIUM
Intelbras VIP S3020 G2-VIP S4320 G2 20241222 - Path Traversal
CVSS 4.3
CVE-2024-12482 MEDIUM
cjbi wetech-cms 1.0/1.1/1.2 - Path Traversal via Database Backup Handler
CVSS 4.3