VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 100 of 275
  • CVE-2025-54140HigJul 22, 2025
    risk 0.42cvss 7.5epss 0.01

    pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the…

  • CVE-2025-49656HigJul 21, 2025
    risk 0.42cvss 7.5epss 0.01

    Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue.

  • CVE-2023-51232HigJul 7, 2025
    risk 0.42cvss 7.5epss 0.01

    Directory Traversal vulnerability in dagster-webserver Dagster thru 1.5.11 allows remote attackers to obtain sensitive information via crafted request to the /logs endpoint. This may be restricted to certain file names that start with a dot ('.').

  • CVE-2025-3046HigJul 7, 2025
    risk 0.42cvss 7.5epss 0.01

    A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not validate whether the…

  • CVE-2025-24330MedJul 2, 2025
    risk 0.42cvss 6.4epss 0.00

    Sending a crafted SOAP "provision" operation message PlanId field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0…

  • CVE-2025-24329MedJul 2, 2025
    risk 0.42cvss 6.4epss 0.00

    Sending a crafted SOAP "provision" operation message archive field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0…

  • CVE-2025-52574HigJun 24, 2025
    risk 0.42cvss 7.5epss 0.00

    SysmonElixir is a system monitor HTTP service in Elixir. Prior to version 1.0.1, the /read endpoint reads any file from the server's /etc/passwd by default. In v1.0.1, a whitelist was added that limits reading to only files under priv/data. This issue has been patched in version…

  • CVE-2025-50202HigJun 18, 2025
    risk 0.42cvss 7.5epss 0.01

    Lychee is a free photo-management tool. In versions starting from 6.6.6 to before 6.6.10, an attacker can leak local files including environment variables, nginx logs, other user's uploaded images, and configuration secrets due to a path traversal exploit in…

  • CVE-2025-6070MedJun 14, 2025
    risk 0.42cvss 6.5epss 0.01

    The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary…

  • CVE-2025-28382HigJun 13, 2025
    risk 0.42cvss 7.5epss 0.01

    An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal.

  • CVE-2025-49138MedJun 9, 2025
    risk 0.42cvss 6.5epss 0.00

    HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by…

  • CVE-2025-4330HigJun 3, 2025
    risk 0.42cvss 7.5epss 0.01

    Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using…

  • CVE-2025-4138HigJun 3, 2025
    risk 0.42cvss 7.5epss 0.01

    Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using…

  • CVE-2025-46527MedMay 23, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LikeCoin Web3Press likecoin allows Path Traversal.This issue affects Web3Press: from n/a through <= 3.2.0.

  • CVE-2025-30207HigMay 13, 2025
    risk 0.42cvss 7.5epss 0.00

    Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software (such…

  • CVE-2025-4185MedMay 2, 2025
    risk 0.42cvss 6.3epss 0.08

    A vulnerability, which was classified as critical, has been found in Wangshen SecGate 3600 2024. This issue affects some unknown processing of the file ?g=obj_area_export_save. The manipulation of the argument file_name leads to path traversal. The attack may be initiated…

  • CVE-2025-27937MedApr 28, 2025
    risk 0.42cvss 6.5epss 0.01

    Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). If exploited, an arbitrary file in the affected product may be obtained by a remote attacker who can log in to the product.

  • CVE-2025-28354MedApr 25, 2025
    risk 0.42cvss 6.5epss 0.01

    An issue in the Printer Manager Systm of Entrust Corp Printer Manager D3.18.4-3 and below allows attackers to execute a directory traversal via a crafted POST request.

  • CVE-2025-27283MedApr 17, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in rockgod100 Theme File Duplicator theme-file-duplicator allows Path Traversal.This issue affects Theme File Duplicator: from n/a through <= 1.3.

  • CVE-2025-32209MedApr 10, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in totalprocessing Nomupay Payment Processing Gateway totalprocessing-card-payments allows Path Traversal.This issue affects Nomupay Payment Processing Gateway: from n/a through <= 7.1.5.