Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-36

CWE-36

Absolute Path Traversal

Parent: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.

126 vulnerabilities with CWE-36

CVE-2023-5115 MEDIUM

Ansible Automation Platform - Path Traversal via Malicious Role Symlink

CVE-2023-36786 HIGH

Skype for Business Server - Remote Code Execution via Absolute Path Traversal

CVE-2023-5022 MEDIUM

dedecms < 5.7.100 - Absolute Path Traversal via activepath Parameter

CVE-2023-40597 HIGH

Splunk Enterprise <8.2.12, 9.0.6, 9.1.1 - Path Traversal

CVE-2023-4172 MEDIUM

Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 - Path Traversal via FileDirectory Parameter

CVE-2023-3765 CRITICAL

MLflow < 2.5.0 - Absolute Path Traversal

CVE-2023-34135 MEDIUM

SonicWall GMS & Analytics <9.3.2-SP1 - Path Traversal

CVE-2023-32054 HIGH

Windows 10 1507-22H2 and Windows 11 21H2-22H2 - Elevation of Privilege via Volume Shadow Copy

CVE-2023-2765 MEDIUM

Weaver e-office - Absolute Path Traversal via downfile.php URL Parameter

CVE-2023-2101 MEDIUM

Moxi624 Mogu Blog <5.2 - Path Traversal

CVE-2023-1176 LOW

MLflow < 2.2.2 - Absolute Path Traversal

CVE-2022-20958 HIGH

Cisco BroadWorks CommPilot Application < 23.0 - Unauthenticated Server-Side Request Forgery

CVE-2022-20791 MEDIUM

Cisco Unified Communications Manager < 11.5(1.10000.6) & IM & Presence Service < 12.5(1) - Arbitrary File Read

CVE-2022-24877 CRITICAL

fluxcd flux2 and kustomize-controller < 0.29.0 and < 0.24.0 - Path Traversal via Malicious kustomization.yaml

CVE-2022-1554 HIGH

scout < 4.52 - Path Traversal via send_file Call

CVE-2021-34711 MEDIUM

Cisco IP Phone Firmware < 14.1(1) - Authenticated Arbitrary File Read via Debug Shell Command

CVE-2021-1618 MEDIUM

Cisco Intersight Virtual Appliance < 1.0.9-292 - Authenticated Path Traversal and OS Command Injection

CVE-2021-1617 MEDIUM

Cisco Intersight Virtual Appliance < 1.0.9-292 - Authenticated Path Traversal and Command Injection

CVE-2021-21586 HIGH

Dell Wyse Management Suite <= 3.2 - Authenticated Path Traversal

CVE-2021-32507 MEDIUM

QSAN Storage Manager < 3.3.3 - Authenticated Path Traversal via FileDownload Url Parameter

CVE-2021-32506 MEDIUM

QSAN Storage Manager < 3.3.3 - Authenticated Path Traversal via GetImage Url Parameter

CVE-2021-30173 MEDIUM

Omni-directional <version> - Local File Inclusion

CVE-2021-1297 HIGH

Cisco RV160/RV260 VPN Router Firmware < 1.0.01.02 - Unauthenticated Path Traversal & Arbitrary File Write

CVE-2021-1296 HIGH

Cisco RV160/RV260 VPN Routers <1.0.01.02 - Unauthenticated Path Traversal & Arbitrary File Write

CVE-2018-20250 HIGH KEV

WinRAR <= 5.61 - Path Traversal and Remote Code Execution via ACE Filename Field

Previous Page 5 of 6 Next

Details

Vulnerabilities 126

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy