CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 108 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-10767 | — | Hig | 0.42 | 7.5 | 0.02 | Nov 21, 2019 | An attacker can include file contents from outside the `/adapter/xxx/` directory, where `xxx` is the name of an existent adapter like "admin". It is exploited using the administrative web panel with a request for an adapter file. **Note:** The attacker has to be logged in if the… | |
| CVE-2019-5484 | — | Hig | 0.42 | 7.5 | 0.03 | Sep 13, 2019 | Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted. | |
| CVE-2019-14751 | — | Hig | 0.42 | 7.5 | 0.06 | Aug 22, 2019 | NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction. | |
| CVE-2019-10375 | Med | 0.42 | 6.5 | 0.01 | Aug 7, 2019 | An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master. | ||
| CVE-2019-7859 | Hig | 0.42 | 7.5 | 0.01 | Aug 2, 2019 | A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control. | ||
| CVE-2019-1000008 | Med | 0.42 | 6.5 | 0.01 | Feb 4, 2019 | All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The commands `helm fetch --untar` and `helm lint some.tgz` that can result when chart archive files are… | ||
| CVE-2018-16485 | — | Med | 0.42 | 6.5 | 0.01 | Feb 1, 2019 | Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request. | |
| CVE-2018-1000850 | — | Hig | 0.42 | 7.5 | 0.04 | Dec 20, 2018 | Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or delete resources otherwise unavailable to… | |
| CVE-2018-20303 | — | Hig | 0.42 | 7.5 | 0.03 | Dec 20, 2018 | In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925. | |
| CVE-2018-20227 | — | Hig | 0.42 | 7.5 | 0.02 | Dec 19, 2018 | RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive. | |
| CVE-2017-18354 | — | Hig | 0.42 | 7.5 | 0.01 | Dec 17, 2018 | Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker. | |
| CVE-2018-17798 | Med | 0.42 | 6.5 | 0.01 | Sep 30, 2018 | An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | ||
| CVE-2018-17797 | Med | 0.42 | 6.5 | 0.01 | Sep 30, 2018 | An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | ||
| CVE-2018-9074 | Med | 0.42 | 6.5 | 0.01 | Sep 28, 2018 | For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user. | ||
| CVE-2018-17605 | — | Hig | 0.42 | 7.5 | 0.02 | Sep 28, 2018 | An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file… | |
| CVE-2018-13982 | — | Hig | 0.42 | 7.5 | 0.03 | Sep 18, 2018 | Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read… | |
| CVE-2018-16141 | Med | 0.42 | 6.5 | 0.01 | Aug 30, 2018 | ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_avatar in \application\User\Controller\ProfileController.class.php via an imgurl parameter with a ..\ sequence. A member user can delete any file on a Windows server. | ||
| CVE-2018-15695 | Med | 0.42 | 6.5 | 0.01 | Aug 27, 2018 | ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi. | ||
| CVE-2018-15495 | Hig | 0.42 | 7.5 | 0.02 | Aug 18, 2018 | /filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value. | ||
| CVE-2018-12939 | Med | 0.42 | 6.5 | 0.02 | Jul 31, 2018 | A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a .. (dot dot) in the "op/op.UploadChunks.php" "qquuid" parameter. NOTE: this can be leveraged to execute… |
- risk 0.42cvss 7.5epss 0.02
An attacker can include file contents from outside the `/adapter/xxx/` directory, where `xxx` is the name of an existent adapter like "admin". It is exploited using the administrative web panel with a request for an adapter file. **Note:** The attacker has to be logged in if the…
- risk 0.42cvss 7.5epss 0.03
Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted.
- risk 0.42cvss 7.5epss 0.06
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.
- risk 0.42cvss 6.5epss 0.01
An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master.
- risk 0.42cvss 7.5epss 0.01
A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control.
- risk 0.42cvss 6.5epss 0.01
All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The commands `helm fetch --untar` and `helm lint some.tgz` that can result when chart archive files are…
- risk 0.42cvss 6.5epss 0.01
Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request.
- risk 0.42cvss 7.5epss 0.04
Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or delete resources otherwise unavailable to…
- risk 0.42cvss 7.5epss 0.03
In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925.
- risk 0.42cvss 7.5epss 0.02
RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive.
- risk 0.42cvss 7.5epss 0.01
Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker.
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
- risk 0.42cvss 6.5epss 0.01
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user.
- risk 0.42cvss 7.5epss 0.02
An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file…
- risk 0.42cvss 7.5epss 0.03
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read…
- risk 0.42cvss 6.5epss 0.01
ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_avatar in \application\User\Controller\ProfileController.class.php via an imgurl parameter with a ..\ sequence. A member user can delete any file on a Windows server.
- risk 0.42cvss 6.5epss 0.01
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi.
- risk 0.42cvss 7.5epss 0.02
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.
- risk 0.42cvss 6.5epss 0.02
A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a .. (dot dot) in the "op/op.UploadChunks.php" "qquuid" parameter. NOTE: this can be leveraged to execute…