VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 101 of 275
  • CVE-2025-2519MedApr 8, 2025
    risk 0.42cvss 6.5epss 0.00

    The Sreamit theme for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 4.0.1. This is due to insufficient file validation in the 'st_send_download_file' function. This makes it possible for authenticated attackers, with subscriber-level…

  • CVE-2025-31800MedApr 3, 2025
    risk 0.42cvss 6.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in publitio Publitio publitio allows Path Traversal.This issue affects Publitio: from n/a through <= 2.2.0.

  • CVE-2025-30596MedApr 3, 2025
    risk 0.42cvss 6.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in tstafford include-file include-file allows Path Traversal.This issue affects include-file: from n/a through <= 1.

  • CVE-2025-30594MedApr 1, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in samsk Include URL include-url allows Path Traversal.This issue affects Include URL: from n/a through <= 0.3.5.

  • CVE-2025-27716MedMar 28, 2025
    risk 0.42cvss 6.5epss 0.01

    Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file/folder listing process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be…

  • CVE-2025-1310MedMar 26, 2025
    risk 0.42cvss 6.5epss 0.01

    The Jobs for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.7.11 via the 'job_postings_get_file' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the…

  • CVE-2024-8859HigMar 20, 2025
    risk 0.42cvss 7.5epss 0.02

    A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is…

  • CVE-2024-55457MedFeb 20, 2025
    risk 0.42cvss 6.5epss 0.03

    MasterSAM Star Gate 11 is vulnerable to directory traversal via /adama/adama/downloadService. An attacker can exploit this vulnerability by manipulating the file parameter to access arbitrary files on the server, potentially exposing sensitive information.

  • CVE-2024-57669HigFeb 3, 2025
    risk 0.42cvss 7.5epss 0.01

    Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker to obtain sensitive information via the BackupController.java file.

  • CVE-2024-12885MedJan 25, 2025
    risk 0.42cvss 6.5epss 0.01

    The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all versions up to, and including, 10.4.66. This makes it possible for authenticated…

  • CVE-2024-12087MedJan 14, 2025
    risk 0.42cvss 6.5epss 0.02

    A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive`…

  • CVE-2024-55459MedJan 8, 2025
    risk 0.42cvss 6.5epss 0.00

    An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.

  • CVE-2024-9939HigJan 8, 2025
    risk 0.42cvss 7.5epss 0.01

    The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory.

  • CVE-2024-56213MedDec 31, 2024
    risk 0.42cvss 6.5epss 0.01

    Path Traversal: '.../...//' vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through <= 4.0.7.

  • CVE-2024-21547HigDec 18, 2024
    risk 0.42cvss 7.5epss 0.01

    Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\\. An attacker could read any file on the server by exploiting the normalization of \ into /.

  • CVE-2024-54259MedDec 13, 2024
    risk 0.42cvss 6.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Path Traversal.This issue affects DELUCKS SEO: from n/a through <= 2.7.0.

  • CVE-2024-55658HigDec 12, 2024
    risk 0.42cvss 7.5epss 0.01

    SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/export/exportResources endpoint is vulnerable to arbitary file read via path traversal. It is possible to manipulate the paths parameter to access and download arbitrary files from the host…

  • CVE-2024-55657HigDec 12, 2024
    risk 0.42cvss 7.5epss 0.01

    SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's `/api/template/render` endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host…

  • CVE-2024-10389HigNov 4, 2024
    risk 0.42cvss 7.5epss 0.00

    There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems (e.g., NTFS). This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past…

  • CVE-2024-47877HigOct 11, 2024
    risk 0.42cvss 7.5epss 0.01

    Extract is aA Go library to extract archives in zip, tar.gz or tar.bz2 formats. A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This vulnerability is fixed in 4.0.0. If you're using the Extractor.FS interface, then…