The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.
108 vulnerabilities with CWE-24
CVE-2023-7098
LOW
Easyimages2.0 - Path Traversal
CVSS 3.1
CVE-2023-7058
MEDIUM
Oretnom23 Simple Student Attendance System - Path Traversal
CVSS 6.3
CVE-2023-7041
MEDIUM
Codelyfe Stupid Simple Cms < 1.2.4 - Path Traversal
CVSS 5.4
CVE-2023-7040
MEDIUM
Codelyfe Stupid Simple Cms < 1.2.4 - Path Traversal
CVSS 4.3
CVE-2023-6900
MEDIUM
Rmountjoy92 Dashmachine - Path Traversal
CVSS 4.6
CVE-2023-4171
MEDIUM
Cdwanjiang Flash Flood Disaster Monit... - Path Traversal
CVSS 4.3
CVE-2023-3240
LOW
Otcms < 6.62 - Path Traversal
CVSS 3.5
CVE-2023-3239
LOW
Otcms < 6.62 - Path Traversal
CVSS 3.5
CVE-2023-3098
MEDIUM
KylinSoft youker-assistant <3.0.2-0kylin6k70-23 - Path Traversal
CVSS 4.4
CVE-2023-3057
MEDIUM
YFCMF <3.0.4 - Path Traversal
CVSS 4.3
CVE-2023-3056
MEDIUM
YFCMF <3.0.4 - Path Traversal
CVSS 4.3
CVE-2023-20167
MEDIUM
Cisco ISE - Path Traversal
CVSS 6.0
CVE-2023-20166
MEDIUM
Cisco ISE - Path Traversal
CVSS 6.0
CVE-2023-20098
MEDIUM
Cisco SDWAN vManage Software - Path Traversal
CVSS 4.4
CVE-2023-1800
HIGH
s jqzhang go-fastdfs <1.4.3 - Path Traversal
CVSS 7.3
CVE-2023-1398
MEDIUM
XiaoBingBy TeaCMS 2.0 - Path Traversal
CVSS 6.3
CVE-2022-20656
MEDIUM
Cisco PI/EPNM - Path Traversal
CVSS 6.5
CVE-2022-36065
HIGH
GrowthBook <2022-08-29 - RCE
CVSS 7.5
CVE-2022-38129
CRITICAL
Keysight Sensor Mgmt Server - Path Traversal
CVSS 9.8
CVE-2022-1743
MEDIUM
Dominion Voting System ImageCast X - Code Injection
CVSS 6.8
CVE-2022-29253
LOW
XWiki Platform <12.10.3,14.0 - Path Traversal
CVSS 2.7
CVE-2021-33036
HIGH
Apache Hadoop <2.10.2, <3.2.3, <3.3.2 - Privilege Escalation
CVSS 8.8
CVE-2021-21706
MEDIUM
Php < 7.3.31 - Path Traversal
CVSS 5.3
CVE-2021-3710
MEDIUM
Canonical Apport - Path Traversal
CVSS 6.5
CVE-2021-29466
MEDIUM
Discord-recon < 0.0.4 - Path Traversal
CVSS 6.5
Details
Vulnerabilities
108