VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 103 of 275
  • CVE-2024-4881HigJun 6, 2024
    risk 0.42cvss 7.5epss 0.01

    A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing…

  • CVE-2024-4941HigJun 6, 2024
    risk 0.42cvss 7.5epss 0.01

    A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the `postprocess()` function within `gradio/components/json_component.py`, where a user-controlled string is parsed as…

  • CVE-2024-28880MedMay 28, 2024
    risk 0.42cvss 6.5epss 0.01

    Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier allows a remote attacker who can log in to the product to obtain sensitive information of the product.

  • CVE-2024-36079MedMay 24, 2024
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would…

  • CVE-2024-35162MedMay 22, 2024
    risk 0.42cvss 6.5epss 0.01

    Path traversal vulnerability exists in Download Plugins and Themes from Dashboard versions prior to 1.8.6. If this vulnerability is exploited, a remote authenticated attacker with "switch_themes" privilege may obtain arbitrary files on the server.

  • CVE-2023-45652MedMay 17, 2024
    risk 0.42cvss 6.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Justin Silver Remote Content Shortcode allows PHP Local File Inclusion.This issue affects Remote Content Shortcode: from n/a through 1.5.

  • CVE-2022-45852MedApr 24, 2024
    risk 0.42cvss 6.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Path Traversal.This issue affects WP-FormAssembly: from n/a through 2.0.5.

  • CVE-2024-31587MedApr 19, 2024
    risk 0.42cvss 6.5epss 0.00

    SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower allows an unauthenticated attacker to download device configuration files via a crafted request.

  • CVE-2023-3675MedApr 18, 2024
    risk 0.42cvss 6.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Secomea GateManager (Web GUI) allows Reading Data from System Resources.This issue affects GateManager: from 11.0.623074018 before 11.0.623373051.

  • CVE-2024-31287MedApr 10, 2024
    risk 0.42cvss 6.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Max Foundry Media Library Folders.This issue affects Media Library Folders: from n/a through 8.1.8.

  • CVE-2016-15038MedApr 1, 2024
    risk 0.42cvss 6.5epss 0.01

    A vulnerability, which was classified as critical, was found in NUUO NVRmini 2 up to 3.0.8. Affected is an unknown function of the file /deletefile.php. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit…

  • CVE-2023-25341MedMar 28, 2024
    risk 0.42cvss 6.5epss 0.00

    A Directory Traversal vulnerability in ladle dev server 2.5.1 and earlier allows an attacker on the same network to read files accessible to the user via GET requests.

  • CVE-2024-27318HigFeb 23, 2024
    risk 0.42cvss 7.5epss 0.01

    Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass…

  • CVE-2022-25377HigFeb 22, 2024
    risk 0.42cvss 7.5epss 0.01

    The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APP_STORAGE_CERTIFICATES/.well-known/acme-challenge must exist on disk. (This pathname is…

  • CVE-2024-23833HigFeb 12, 2024
    risk 0.42cvss 7.5epss 0.01

    OpenRefine is a free, open source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefine(version<=3.7.7) where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver…

  • CVE-2024-0697MedJan 27, 2024
    risk 0.42cvss 6.5epss 0.01

    The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator…

  • CVE-2023-46749MedJan 15, 2024
    risk 0.42cvss 6.5epss 0.01

    Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this…

  • CVE-2024-22050HigJan 4, 2024
    risk 0.42cvss 7.5epss 0.01

    Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.

  • CVE-2023-6559HigDec 16, 2023
    risk 0.42cvss 7.5epss 0.01

    The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to…

  • CVE-2023-28465HigDec 12, 2023
    risk 0.42cvss 7.5epss 0.01

    The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE:…