CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

CWE-706

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (3,734)

page 103 of 187

CVE	Risk	CVSS	EPSS	Published	Description
CVE-2014-100029	0.04	—	0.07	Jan 13, 2015	Multiple directory traversal vulnerabilities in class/session.php in Ganesha Digital Library (GDL) 4.2 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) newlang or (2) newtheme parameter.
CVE-2014-10010	0.04	—	0.07	Jan 13, 2015	Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller.
CVE-2014-9581	0.04	—	0.12	Jan 8, 2015	Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
CVE-2014-9436	0.04	—	0.15	Jan 2, 2015	Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile.
CVE-2014-6035	0.04	—	0.12	Dec 4, 2014	Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.
CVE-2014-9181	0.04	—	0.10	Dec 2, 2014	Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to resources/.
CVE-2012-6665	0.04	—	0.06	Nov 17, 2014	Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2012-1669. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might have been fixed in 1.0.3.
CVE-2013-3304	0.04	—	0.14	Oct 30, 2014	Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.
CVE-2014-5350	0.04	—	0.07	Aug 19, 2014	Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2E%2E (encoded dot dot) in the default URI to port 7074 on the Update Server.
CVE-2014-1222	0.04	—	0.10	Aug 12, 2014	Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM.
CVE-2013-5757	0.04	—	0.10	Aug 3, 2014	Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx.
CVE-2013-5756	0.04	—	0.08	Aug 3, 2014	Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx.
CVE-2014-5115	0.04	—	0.07	Jul 29, 2014	Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php.
CVE-2014-4306	0.04	—	0.06	Jun 18, 2014	Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. (dot dot) in the logfile parameter in a download action.
CVE-2014-2575	0.04	—	0.10	Jun 6, 2014	Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter.
CVE-2013-3739	0.04	—	0.10	Jun 5, 2014	Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the mapname parameter in a show_config action.
CVE-2014-3975	0.04	—	0.14	Jun 5, 2014	Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter.
CVE-2014-3806	0.04	—	0.11	May 21, 2014	Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter.
CVE-2013-3514	0.04	—	0.13	May 14, 2014	Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files.
CVE-2014-2976	0.04	—	0.14	Apr 23, 2014	Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081.

CVE-2014-100029Jan 13, 2015
risk 0.04cvss —epss 0.07
Multiple directory traversal vulnerabilities in class/session.php in Ganesha Digital Library (GDL) 4.2 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) newlang or (2) newtheme parameter.
CVE-2014-10010Jan 13, 2015
risk 0.04cvss —epss 0.07
Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller.
CVE-2014-9581Jan 8, 2015
risk 0.04cvss —epss 0.12
Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
CVE-2014-9436Jan 2, 2015
risk 0.04cvss —epss 0.15
Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile.
CVE-2014-6035Dec 4, 2014
risk 0.04cvss —epss 0.12
Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.
CVE-2014-9181Dec 2, 2014
risk 0.04cvss —epss 0.10
Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to resources/.
CVE-2012-6665Nov 17, 2014
risk 0.04cvss —epss 0.06
Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2012-1669. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might have been fixed in 1.0.3.
CVE-2013-3304Oct 30, 2014
risk 0.04cvss —epss 0.14
Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.
CVE-2014-5350Aug 19, 2014
risk 0.04cvss —epss 0.07
Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2E%2E (encoded dot dot) in the default URI to port 7074 on the Update Server.
CVE-2014-1222Aug 12, 2014
risk 0.04cvss —epss 0.10
Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM.
CVE-2013-5757Aug 3, 2014
risk 0.04cvss —epss 0.10
Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx.
CVE-2013-5756Aug 3, 2014
risk 0.04cvss —epss 0.08
Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx.
CVE-2014-5115Jul 29, 2014
risk 0.04cvss —epss 0.07
Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php.
CVE-2014-4306Jun 18, 2014
risk 0.04cvss —epss 0.06
Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. (dot dot) in the logfile parameter in a download action.
CVE-2014-2575Jun 6, 2014
risk 0.04cvss —epss 0.10
Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter.
CVE-2013-3739Jun 5, 2014
risk 0.04cvss —epss 0.10
Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the mapname parameter in a show_config action.
CVE-2014-3975Jun 5, 2014
risk 0.04cvss —epss 0.14
Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter.
CVE-2014-3806May 21, 2014
risk 0.04cvss —epss 0.11
Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter.
CVE-2013-3514May 14, 2014
risk 0.04cvss —epss 0.13
Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files.
CVE-2014-2976Apr 23, 2014
risk 0.04cvss —epss 0.14
Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081.