CWE-35

Path Traversal: '.../...//'

Parent: CWE-23 - Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

169 vulnerabilities with CWE-35
CVE-2025-22786 HIGH
ElementInvader Addons for Elementor <= 1.2.6 - Path Traversal and Local File Inclusion via .../...//
CVSS 7.5
CVE-2024-52885 MEDIUM
Checkpoint Mobile Access - Authenticated Directory Traversal in File Share Application
CVSS 5.0
CVE-2024-54362 HIGH
NotFound GetShop <1.3 - Path Traversal
CVSS 8.1
CVE-2024-49249 HIGH
SMSA Shipping <2.3 - Path Traversal
CVSS 8.6
CVE-2024-56045 CRITICAL
VibeThemes WPLMS < 1.9.9.5 - Unauthenticated Path Traversal via '.../...//'
CVSS 9.3
CVE-2024-56214 HIGH
DeluxeThemes Userpro <5.1.9 - Path Traversal
CVSS 8.3
CVE-2024-56213 MEDIUM
Eventin <= 4.0.7 - Path Traversal via .../...// Sequence
CVSS 6.5
CVE-2024-56055 HIGH
VibeThemes WPLMS < 1.9.9.5.2 - Path Traversal via '.../...//'
CVSS 8.5
CVE-2024-56049 HIGH
VibeThemes WPLMS < 1.9.9.5.2 - Path Traversal via '.../...//'
CVSS 8.5
CVE-2024-54313 MEDIUM
FULL Customer < 3.1.25 - Path Traversal
CVSS 6.5
CVE-2024-21575 HIGH
ComfyUI-Impact-Pack - Path Traversal
CVSS 8.6
CVE-2024-54216 HIGH
Repute InfoSystems ARForms <6.4.1 - Path Traversal
CVSS 7.7
CVE-2024-52498 HIGH
Softpulse Infotech SP Blog Designer - Path Traversal
CVSS 7.5
CVE-2024-10857 MEDIUM
Product Input Fields for WooCommerce <= 1.9 - Authenticated Path Traversal via handle_downloads()
CVSS 6.5
CVE-2024-50054 HIGH
mySCADA myPRO Manager and Runtime - Path Traversal
CVSS 7.5
CVE-2024-52447 HIGH
Corporate Zen Contact Page With Google Map <1.6.1 - Path Traversal
CVSS 8.6
CVE-2024-52390 MEDIUM
CYAN Backup <2.5.3 - Path Traversal
CVSS 4.9
CVE-2024-41973 HIGH
WAGO CC100, PFC100 G2, PFC200 G2, TP600, Edge Controller < 4.5.10 (FW27) - Path Traversal and Arbitrary File Write
CVSS 8.1
CVE-2024-41972 MEDIUM
WAGO CC100, Edge Controller, and PFC100/PFC200 G2 - Arbitrary File Overwrite
CVSS 6.5
CVE-2024-11136 HIGH
TCL Camera - Path Traversal via URI Path Manipulation
CVE-2024-51582 HIGH
ThimPress WP Hotel Booking <2.1.4 - Path Traversal
CVSS 7.5
CVE-2024-49770 HIGH
oak < 17.1.3 - Path Traversal via URL-Encoded Forward Slash Bypass
CVE-2024-49258 MEDIUM
Limb WordPress Gallery Plugin - Path Traversal
CVSS 6.5
CVE-2024-45248 HIGH
Multi-DNC - Path Traversal via '.../...//'
CVSS 7.5
CVE-2024-47324 HIGH
Ex-Themes WP Timeline - Path Traversal
CVSS 7.5
Details
Vulnerabilities 169
Links
MITRE CWE Entry Search this CWE With Exploits