CWE-24

Path Traversal: '../filedir'

Parent: CWE-23 - Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.

110 vulnerabilities with CWE-24
CVE-2024-10379 MEDIUM
ESAFENET CDG 5 - Path Traversal via DecryptApplicationService decryptFileId Parameter
CVSS 4.3
CVE-2024-6786 MEDIUM
Moxa MXview One < 1.4.1 - Path Traversal via MQTT Message
CVSS 6.5
CVE-2024-8409 MEDIUM
ABCD ABCD2 < 2.2.0-beta-1 - Path Traversal
CVSS 4.3
CVE-2024-37403 MEDIUM
Ivanti Docs@Work < 2.26.0 - Path Traversal via Improper File Name Sanitization
CVSS 5.5
CVE-2024-23657 HIGH
nuxt/devtools < 1.3.9 - Unauthenticated Path Traversal and Remote Code Execution via WebSocket RPC
CVSS 8.8
CVE-2024-6746 MEDIUM
NaiboWang EasySpider 0.6.2 - Path Traversal
CVSS 4.3
CVE-2024-4790 MEDIUM
DedeCMS 5.7.114 - Path Traversal via sys_verifies.php filename Parameter
CVSS 4.3
CVE-2024-3686 MEDIUM
DedeCMS 5.7.112-UTF8 - Path Traversal via update_guide.php files Parameter
CVSS 4.3
CVE-2024-3227 MEDIUM
weaver e-office < 9.5 - Path Traversal via image_type Parameter
CVSS 4.7
CVE-2024-3218 MEDIUM
Shibang Communications IP Network Intercom Broadcasting System 1.0 ...
CVSS 5.4
CVE-2024-2825 MEDIUM
lakernote easyadmin < 2024-03-15 - Path Traversal via /ureport/designer/saveReportFile
CVSS 6.3
CVE-2024-22079 HIGH
Elspec G5 < 1.1.4.15 - Path Traversal
CVSS 7.5
CVE-2024-2564 MEDIUM
PandaXGO PandaX < 2024-03-10 - Path Traversal via ExportUser Filename Argument
CVSS 6.3
CVE-2024-2563 MEDIUM
PandaXGO PandaX < 2024-03-10 - Path Traversal via DeleteImage Function
CVSS 5.4
CVE-2024-2318 MEDIUM
ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028 - Path Traversal via Service Port 9999 File Download
CVSS 4.3
CVE-2024-1459 MEDIUM
Undertow < 2.2.31.Final - Path Traversal via HTTP Request
CVSS 5.3
CVE-2024-0989 MEDIUM
Sichuan Yougou Technology KuERP < 1.0.4 - Path Traversal
CVSS 5.4
CVE-2024-0882 MEDIUM
qwdigital LinkWechat 5.1.0 - Path Traversal
CVSS 4.3
CVE-2024-0465 LOW
code-projects Employee Profile Management System 1.0 - Path Traversal
CVSS 3.5
CVE-2024-0417 MEDIUM
DeShang DSShop < 2.1.5 - Path Traversal via MemberAuth Controller Member Info Argument
CVSS 5.4
CVE-2024-0416 MEDIUM
csdeshang dsmall < 5.0.3 - Path Traversal via MemberAuth.php file_name Argument
CVSS 5.4
CVE-2024-0354 MEDIUM
unknown-o Download Station <= 1.1.8 - Path Traversal
CVSS 5.3
CVE-2024-0341 LOW
inis_project/inis < 2.0.1 - Path Traversal via GET Request Handler
CVSS 3.5
CVE-2023-53691 HIGH
Hikvision CSMP iSecure Center < 2023-06-25 - Path Traversal
CVSS 8.3
CVE-2023-52076 HIGH
Atril Document Viewer < 1.26.2 - Path Traversal
CVSS 8.5