VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 108 of 275
  • CVE-2019-10767HigNov 21, 2019
    risk 0.42cvss 7.5epss 0.02

    An attacker can include file contents from outside the `/adapter/xxx/` directory, where `xxx` is the name of an existent adapter like "admin". It is exploited using the administrative web panel with a request for an adapter file. **Note:** The attacker has to be logged in if the…

  • CVE-2019-5484HigSep 13, 2019
    risk 0.42cvss 7.5epss 0.03

    Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted.

  • CVE-2019-14751HigAug 22, 2019
    risk 0.42cvss 7.5epss 0.06

    NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.

  • CVE-2019-10375MedAug 7, 2019
    risk 0.42cvss 6.5epss 0.01

    An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master.

  • CVE-2019-7859HigAug 2, 2019
    risk 0.42cvss 7.5epss 0.01

    A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control.

  • CVE-2019-1000008MedFeb 4, 2019
    risk 0.42cvss 6.5epss 0.01

    All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The commands `helm fetch --untar` and `helm lint some.tgz` that can result when chart archive files are…

  • CVE-2018-16485MedFeb 1, 2019
    risk 0.42cvss 6.5epss 0.01

    Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request.

  • CVE-2018-1000850HigDec 20, 2018
    risk 0.42cvss 7.5epss 0.04

    Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or delete resources otherwise unavailable to…

  • CVE-2018-20303HigDec 20, 2018
    risk 0.42cvss 7.5epss 0.03

    In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925.

  • CVE-2018-20227HigDec 19, 2018
    risk 0.42cvss 7.5epss 0.02

    RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive.

  • CVE-2017-18354HigDec 17, 2018
    risk 0.42cvss 7.5epss 0.01

    Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker.

  • CVE-2018-17798MedSep 30, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.

  • CVE-2018-17797MedSep 30, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.

  • CVE-2018-9074MedSep 28, 2018
    risk 0.42cvss 6.5epss 0.01

    For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user.

  • CVE-2018-17605HigSep 28, 2018
    risk 0.42cvss 7.5epss 0.02

    An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file…

  • CVE-2018-13982HigSep 18, 2018
    risk 0.42cvss 7.5epss 0.03

    Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read…

  • CVE-2018-16141MedAug 30, 2018
    risk 0.42cvss 6.5epss 0.01

    ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_avatar in \application\User\Controller\ProfileController.class.php via an imgurl parameter with a ..\ sequence. A member user can delete any file on a Windows server.

  • CVE-2018-15695MedAug 27, 2018
    risk 0.42cvss 6.5epss 0.01

    ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi.

  • CVE-2018-15495HigAug 18, 2018
    risk 0.42cvss 7.5epss 0.02

    /filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.

  • CVE-2018-12939MedJul 31, 2018
    risk 0.42cvss 6.5epss 0.02

    A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a .. (dot dot) in the "op/op.UploadChunks.php" "qquuid" parameter. NOTE: this can be leveraged to execute…