CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 109 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3188 | Med | 0.42 | 6.5 | 0.03 | Jul 24, 2018 | The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, the filenames of its contents are not properly… | ||
| CVE-2018-14371 | — | Hig | 0.42 | 7.5 | 0.04 | Jul 18, 2018 | The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications. | |
| CVE-2018-14363 | Hig | 0.42 | 7.5 | 0.02 | Jul 17, 2018 | An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames. | ||
| CVE-2018-7770 | Med | 0.42 | 6.5 | 0.01 | Jul 3, 2018 | The vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The applet allows callers to select arbitrary files to send to an arbitrary email address. | ||
| CVE-2017-16859 | Med | 0.42 | 6.5 | 0.03 | Jun 28, 2018 | The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability… | ||
| CVE-2018-12560 | Med | 0.42 | 6.5 | 0.02 | Jun 19, 2018 | An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring. | ||
| CVE-2018-12530 | Med | 0.42 | 6.5 | 0.02 | Jun 18, 2018 | An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF. | ||
| CVE-2018-12494 | Med | 0.42 | 6.5 | 0.02 | Jun 15, 2018 | An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI. | ||
| CVE-2018-12493 | Med | 0.42 | 6.5 | 0.02 | Jun 15, 2018 | An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI. | ||
| CVE-2018-3732 | — | Hig | 0.42 | 7.5 | 0.02 | Jun 7, 2018 | resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path. | |
| CVE-2018-3731 | — | Hig | 0.42 | 7.5 | 0.02 | Jun 7, 2018 | public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. | |
| CVE-2018-3729 | — | Hig | 0.42 | 7.5 | 0.02 | Jun 7, 2018 | localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | |
| CVE-2017-16083 | — | Hig | 0.42 | 7.5 | 0.02 | Jun 7, 2018 | node-simple-router is a minimalistic router for Node. node-simple-router is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |
| CVE-2018-10057 | Med | 0.42 | 6.5 | 0.02 | Jun 5, 2018 | The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal). | ||
| CVE-2017-0930 | — | Med | 0.42 | 6.5 | 0.01 | Jun 4, 2018 | augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path. | |
| CVE-2018-3733 | Hig | 0.42 | 7.5 | 0.02 | May 29, 2018 | crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path. | ||
| CVE-2014-10068 | Hig | 0.42 | 7.5 | 0.02 | May 29, 2018 | The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false. | ||
| CVE-2018-11413 | Med | 0.42 | 6.5 | 0.02 | May 24, 2018 | An issue was discovered in BearAdmin 0.5. Remote attackers can download arbitrary files via /admin/databack/download.html?name= directory traversal sequences, as demonstrated by name=../application/database.php to read the MySQL credentials in the configuration. | ||
| CVE-2018-11344 | Med | 0.42 | 6.5 | 0.01 | May 22, 2018 | A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter. | ||
| CVE-2018-0323 | Med | 0.42 | 6.5 | 0.02 | May 17, 2018 | A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request… |
- risk 0.42cvss 6.5epss 0.03
The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, the filenames of its contents are not properly…
- risk 0.42cvss 7.5epss 0.04
The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.
- risk 0.42cvss 7.5epss 0.02
An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames.
- risk 0.42cvss 6.5epss 0.01
The vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The applet allows callers to select arbitrary files to send to an arbitrary email address.
- risk 0.42cvss 6.5epss 0.03
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability…
- risk 0.42cvss 6.5epss 0.02
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring.
- risk 0.42cvss 6.5epss 0.02
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.
- risk 0.42cvss 6.5epss 0.02
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI.
- risk 0.42cvss 6.5epss 0.02
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI.
- risk 0.42cvss 7.5epss 0.02
resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path.
- risk 0.42cvss 7.5epss 0.02
public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.
- risk 0.42cvss 7.5epss 0.02
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
- risk 0.42cvss 7.5epss 0.02
node-simple-router is a minimalistic router for Node. node-simple-router is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
- risk 0.42cvss 6.5epss 0.02
The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).
- risk 0.42cvss 6.5epss 0.01
augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.
- risk 0.42cvss 7.5epss 0.02
crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path.
- risk 0.42cvss 7.5epss 0.02
The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false.
- risk 0.42cvss 6.5epss 0.02
An issue was discovered in BearAdmin 0.5. Remote attackers can download arbitrary files via /admin/databack/download.html?name= directory traversal sequences, as demonstrated by name=../application/database.php to read the MySQL credentials in the configuration.
- risk 0.42cvss 6.5epss 0.01
A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter.
- risk 0.42cvss 6.5epss 0.02
A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request…