VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 102 of 275
  • CVE-2024-7514MedOct 11, 2024
    risk 0.42cvss 6.5epss 0.01

    The WordPress Comments Import & Export plugin for WordPress is vulnerable to to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with…

  • CVE-2024-9100MedOct 3, 2024
    risk 0.42cvss 6.5epss 0.00

    Zohocorp ManageEngine Analytics Plus versions before 5410 and Zoho Analytics On-Premise versions before 5410 are vulnerable to Path traversal.

  • CVE-2024-45601HigSep 18, 2024
    risk 0.42cvss 7.5epss 0.00

    Mesop is a Python-based UI framework designed for rapid web apps development. A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability was related to…

  • CVE-2024-45816MedSep 17, 2024
    risk 0.42cvss 6.5epss 0.01

    Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass…

  • CVE-2024-45436HigAug 29, 2024
    risk 0.42cvss 7.5epss 0.03

    extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.

  • CVE-2024-6312MedAug 28, 2024
    risk 0.42cvss 6.5epss 0.01

    The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.7.3.2 via the 'af2DeleteFontFile' function. This is due to the plugin not properly validating a file or its path prior to deleting it. This makes it…

  • CVE-2024-45189MedAug 23, 2024
    risk 0.42cvss 6.5epss 0.01

    Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request

  • CVE-2024-45188MedAug 23, 2024
    risk 0.42cvss 6.5epss 0.01

    Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request

  • CVE-2024-43165MedAug 13, 2024
    risk 0.42cvss 6.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rashid87 WPSection allows PHP Local File Inclusion.This issue affects WPSection: from n/a through 1.3.8.

  • CVE-2024-42485HigAug 12, 2024
    risk 0.42cvss 7.5epss 0.01

    Filament Excel enables excel export for Filament admin resources. The export download route `/filament-excel/{path}` allowed downloading any file without login when the webserver allows `../` in the URL. Patched with Version v2.3.3.

  • CVE-2024-38772MedAug 1, 2024
    risk 0.42cvss 6.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetWidgets for Elementor and WooCommerce allows PHP Local File Inclusion.This issue affects JetWidgets for Elementor and WooCommerce: from n/a through 1.1.7.

  • CVE-2024-38716MedJul 12, 2024
    risk 0.42cvss 6.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Blue Plugins Events Calendar for Google allows PHP Local File Inclusion.This issue affects Events Calendar for Google: from n/a through 2.1.0.

  • CVE-2024-38715MedJul 12, 2024
    risk 0.42cvss 6.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ExS ExS Widgets allows PHP Local File Inclusion.This issue affects ExS Widgets: from n/a through 0.3.1.

  • CVE-2024-38704MedJul 12, 2024
    risk 0.42cvss 6.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DynamicWebLab WordPress Team Manager allows PHP Local File Inclusion.This issue affects WordPress Team Manager: from n/a through 2.1.12.

  • CVE-2024-24749HigJul 1, 2024
    risk 0.42cvss 7.5epss 0.01

    GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation…

  • CVE-2024-36116HigJun 19, 2024
    risk 0.42cvss 7.5epss 0.01

    Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, JavadocEndpoints.kt controller…

  • CVE-2024-36527MedJun 17, 2024
    risk 0.42cvss 6.5epss 0.03

    puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server.

  • CVE-2024-6044MedJun 17, 2024
    risk 0.42cvss 6.5epss 0.00

    Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL.

  • CVE-2024-35474MedJun 10, 2024
    risk 0.42cvss 6.5epss 0.01

    A Directory Traversal vulnerability in iceice666 ResourcePack Server before v1.0.8 allows a remote attacker to disclose files on the server, via setPath in ResourcePackFileServer.kt.

  • CVE-2024-5637HigJun 7, 2024
    risk 0.42cvss 7.5epss 0.01

    The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and…