CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (3,734)
page 102 of 187| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-3128 | 0.05 | — | 0.20 | Jul 10, 2008 | Directory traversal vulnerability in search.php in Pivot 1.40.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the t parameter. | ||
| CVE-2007-6453 | 0.05 | — | 0.20 | Dec 20, 2007 | Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter. | ||
| CVE-2007-5802 | 0.05 | — | 0.24 | Nov 3, 2007 | Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: this can be leveraged to obtain the path by including a local PHP script with a duplicate function declaration. | ||
| CVE-2007-4890 | 0.05 | — | 0.27 | Sep 14, 2007 | Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library (VBTOVSI.DLL) 1.0.0.0 in Microsoft Visual Studio 6.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveAs method. NOTE: contents can be copied from local files via the Load method. | ||
| CVE-2007-1076 | 0.05 | — | 0.22 | Feb 22, 2007 | Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and possibly earlier, allow remote attackers to include arbitrary local files via a .. (dot dot) in the (1) file parameter to plotStat.php and the (2) lang parameter to banref.php. | ||
| CVE-2026-41140 | Low | 0.04 | — | 0.00 | Apr 24, 2026 | Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall() function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.data_filter is unavailable. Considering only Python versions which are still supported by Poetry, these are 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4. This vulnerability is fixed in 2.3.4. | |
| CVE-2015-8358 | 0.04 | — | 0.14 | Dec 16, 2015 | Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php. | ||
| CVE-2015-4040 | 0.04 | — | 0.07 | Sep 17, 2015 | Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors. | ||
| CVE-2015-4666 | 0.04 | — | 0.16 | Aug 13, 2015 | Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter. | ||
| CVE-2015-4616 | 0.04 | — | 0.15 | Jul 8, 2015 | Directory traversal vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.2.5 for WordPress allows remote attackers to create arbitrary files via a .. (dot dot) in the map_id parameter. | ||
| CVE-2015-5353 | 0.04 | — | 0.09 | Jul 1, 2015 | Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tab parameter to admin/. | ||
| CVE-2014-1836 | 0.04 | — | 0.19 | Jul 1, 2015 | Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action. | ||
| CVE-2015-4414 | 0.04 | — | 0.09 | Jun 17, 2015 | Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | ||
| CVE-2014-8606 | 0.04 | — | 0.07 | Jun 10, 2015 | Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a .. (dot dot) in the file parameter in a json_return action in the xcloner_show page to wp-admin/admin-ajax.php. | ||
| CVE-2015-3648 | 0.04 | — | 0.52 | Jun 9, 2015 | Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter. | ||
| CVE-2015-3301 | 0.04 | — | 0.14 | May 14, 2015 | Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php. | ||
| CVE-2014-5370 | 0.04 | — | 0.12 | Apr 21, 2015 | Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete arbitrary files via a .. (dot dot) in the QUERY_STRING to cfchart.cfchart. | ||
| CVE-2014-9261 | 0.04 | — | 0.17 | Mar 23, 2015 | The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php. | ||
| CVE-2015-2071 | 0.04 | — | 0.15 | Feb 24, 2015 | Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter. | ||
| CVE-2015-1577 | 0.04 | — | 0.10 | Feb 11, 2015 | Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. (dot dot) or (2) full pathname in the f parameter. |
- CVE-2008-3128Jul 10, 2008risk 0.05cvss —epss 0.20
Directory traversal vulnerability in search.php in Pivot 1.40.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the t parameter.
- CVE-2007-6453Dec 20, 2007risk 0.05cvss —epss 0.20
Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter.
- CVE-2007-5802Nov 3, 2007risk 0.05cvss —epss 0.24
Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: this can be leveraged to obtain the path by including a local PHP script with a duplicate function declaration.
- CVE-2007-4890Sep 14, 2007risk 0.05cvss —epss 0.27
Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library (VBTOVSI.DLL) 1.0.0.0 in Microsoft Visual Studio 6.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveAs method. NOTE: contents can be copied from local files via the Load method.
- CVE-2007-1076Feb 22, 2007risk 0.05cvss —epss 0.22
Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and possibly earlier, allow remote attackers to include arbitrary local files via a .. (dot dot) in the (1) file parameter to plotStat.php and the (2) lang parameter to banref.php.
- risk 0.04cvss —epss 0.00
Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall() function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.data_filter is unavailable. Considering only Python versions which are still supported by Poetry, these are 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4. This vulnerability is fixed in 2.3.4.
- CVE-2015-8358Dec 16, 2015risk 0.04cvss —epss 0.14
Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php.
- CVE-2015-4040Sep 17, 2015risk 0.04cvss —epss 0.07
Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.
- CVE-2015-4666Aug 13, 2015risk 0.04cvss —epss 0.16
Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter.
- CVE-2015-4616Jul 8, 2015risk 0.04cvss —epss 0.15
Directory traversal vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.2.5 for WordPress allows remote attackers to create arbitrary files via a .. (dot dot) in the map_id parameter.
- CVE-2015-5353Jul 1, 2015risk 0.04cvss —epss 0.09
Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tab parameter to admin/.
- CVE-2014-1836Jul 1, 2015risk 0.04cvss —epss 0.19
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.
- CVE-2015-4414Jun 17, 2015risk 0.04cvss —epss 0.09
Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
- CVE-2014-8606Jun 10, 2015risk 0.04cvss —epss 0.07
Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a .. (dot dot) in the file parameter in a json_return action in the xcloner_show page to wp-admin/admin-ajax.php.
- CVE-2015-3648Jun 9, 2015risk 0.04cvss —epss 0.52
Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter.
- CVE-2015-3301May 14, 2015risk 0.04cvss —epss 0.14
Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.
- CVE-2014-5370Apr 21, 2015risk 0.04cvss —epss 0.12
Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete arbitrary files via a .. (dot dot) in the QUERY_STRING to cfchart.cfchart.
- CVE-2014-9261Mar 23, 2015risk 0.04cvss —epss 0.17
The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php.
- CVE-2015-2071Feb 24, 2015risk 0.04cvss —epss 0.15
Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter.
- CVE-2015-1577Feb 11, 2015risk 0.04cvss —epss 0.10
Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. (dot dot) or (2) full pathname in the f parameter.