CWE-24

Path Traversal: '../filedir'

Parent: CWE-23 - Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.

110 vulnerabilities with CWE-24
CVE-2023-6699 CRITICAL
WP Compress - Image Optimizer <= 6.10.33 - Unauthenticated Directory Traversal via CSS Parameter
CVSS 9.1
CVE-2023-7134 MEDIUM
SourceCodester Medicine Tracking System 1.0 - Path Traversal via Page Parameter
CVSS 6.3
CVE-2023-7098 LOW
icret EasyImages 2.8.3 - Path Traversal via 'key' Parameter in hide.php
CVSS 3.1
CVE-2023-7058 MEDIUM
Simple Student Attendance System 1.0 - Path Traversal via Page Parameter
CVSS 6.3
CVE-2023-7041 MEDIUM
codelyfe stupid_simple_cms < 1.2.4 - Path Traversal via newName Argument
CVSS 5.4
CVE-2023-7040 MEDIUM
codelyfe stupid_simple_cms < 1.2.4 - Path Traversal via oldName Parameter in /file-manager/rename.php
CVSS 4.3
CVE-2023-6900 MEDIUM
rmountjoy92 DashMachine 0.5-4 - Path Traversal via /settings/delete_file Endpoint
CVSS 4.6
CVE-2023-4171 MEDIUM
Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 - Path Traversal via Files Parameter in FileDownload.ashx
CVSS 4.3
CVE-2023-3240 LOW
otcms < 6.62 - Path Traversal via usersNews_deal.php File Parameter
CVSS 3.5
CVE-2023-3239 LOW
otcms < 6.62 - Path Traversal via admin/readDeal.php img Parameter
CVSS 3.5
CVE-2023-3098 MEDIUM
KylinSoft youker-assistant <3.0.2-0kylin6k70-23 - Path Traversal
CVSS 4.4
CVE-2023-3057 MEDIUM
iuok yfcmf-tp6 < 3.0.4 - Path Traversal via controllername Argument
CVSS 4.3
CVE-2023-3056 MEDIUM
iuok yfcmf-tp6 < 3.0.4 - Path Traversal via '../filedir'
CVSS 4.3
CVE-2023-20167 MEDIUM
Cisco Identity Services Engine - Authenticated Path Traversal
CVSS 6.0
CVE-2023-20166 MEDIUM
Cisco Identity Services Engine - Authenticated Path Traversal
CVSS 6.0
CVE-2023-20098 MEDIUM
Cisco SDWAN vManage Software - Path Traversal
CVSS 4.4
CVE-2023-1800 HIGH
sjqzhang go-fastdfs <1.4.3 - Path Traversal
CVSS 7.3
CVE-2023-1398 MEDIUM
XiaoBingBy TeaCMS 2.0 - Path Traversal
CVSS 6.3
CVE-2022-20656 MEDIUM
Cisco Prime Infrastructure & EPNM - Authenticated Path Traversal & Arbitrary File Write
CVSS 6.5
CVE-2022-36065 HIGH
growthbook < 1.6.0 - Unauthenticated Path Traversal and Remote Code Execution via File Upload
CVSS 7.5
CVE-2022-38129 CRITICAL
Keysight Sensor Mgmt Server - Path Traversal
CVSS 9.8
CVE-2022-1743 MEDIUM
Dominion Voting System ImageCast X - Code Injection
CVSS 6.8
CVE-2022-29253 LOW
XWiki Platform <12.10.3,14.0 - Path Traversal
CVSS 2.7
CVE-2021-33036 HIGH
Apache Hadoop <2.10.2, <3.2.3, <3.3.2 - Privilege Escalation
CVSS 8.8
CVE-2021-21706 MEDIUM
PHP 7.3.0-7.3.30 - Path Traversal and Arbitrary File Write via ZipArchive::extractTo
CVSS 5.3