CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (3,734)
page 114 of 187| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2007-4583 | 0.04 | — | 0.13 | Aug 29, 2007 | Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method. | ||
| CVE-2007-4585 | 0.04 | — | 0.10 | Aug 29, 2007 | Directory traversal vulnerability in activateuser.php in 2532|Gigs 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | ||
| CVE-2007-4058 | 0.04 | — | 0.09 | Jul 30, 2007 | Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll 2.2.5.42958 in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first argument to the StartProcess method. | ||
| CVE-2007-4031 | 0.04 | — | 0.08 | Jul 27, 2007 | Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via a .. (dot dot) in the argument to the deleteReport method, probably related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. | ||
| CVE-2007-4008 | 0.04 | — | 0.10 | Jul 26, 2007 | Directory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter. | ||
| CVE-2007-3487 | 0.04 | — | 0.12 | Jun 29, 2007 | Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method. | ||
| CVE-2007-1773 | 0.04 | — | 0.07 | Mar 30, 2007 | Multiple directory traversal vulnerabilities in aBitWhizzy allow remote attackers to list arbitrary directories via a .. (dot dot) in the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php, different vectors than CVE-2006-6384. | ||
| CVE-2007-1126 | 0.04 | — | 0.07 | Feb 27, 2007 | Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter. | ||
| CVE-2007-0205 | 0.04 | — | 0.12 | Jan 11, 2007 | Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the lang directory, then referencing that file via the lang parameter to index.php, which passes a sanity check in livre_include.php. | ||
| CVE-2006-6047 | 0.04 | — | 0.17 | Nov 22, 2006 | Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php. | ||
| CVE-2006-5846 | 0.04 | — | 0.18 | Nov 10, 2006 | Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to read and include arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2006-5773. | ||
| CVE-2006-5031 | 0.04 | — | 0.07 | Sep 27, 2006 | Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename. | ||
| CVE-2005-4600 | 0.04 | — | 0.18 | Dec 31, 2005 | Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter. | ||
| CVE-2005-2792 | 0.04 | — | 0.14 | Sep 2, 2005 | Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter. | ||
| CVE-2004-1444 | 0.04 | — | 0.17 | Dec 31, 2004 | Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request. | ||
| CVE-2004-1364 | 0.04 | — | 0.15 | Aug 4, 2004 | Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory. | ||
| CVE-2002-2403 | 0.04 | — | 0.07 | Dec 31, 2002 | Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences. | ||
| CVE-2025-61647 | Low | 0.03 | — | 0.00 | Feb 3, 2026 | Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Api/Rest/Handler/UserInfoHandler.Php. This issue affects CheckUser: from a3dc1bbcc33acbcca6831d6afaccbb1054c93a57, 0584eb2ad564648aa3ce9c555dd044dda02b55f4. | |
| CVE-2015-8357 | 0.03 | — | 0.05 | Dec 16, 2015 | Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php. | ||
| CVE-2015-1830 | 0.03 | — | 0.86 | Aug 19, 2015 | Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors. |
- CVE-2007-4583Aug 29, 2007risk 0.04cvss —epss 0.13
Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method.
- CVE-2007-4585Aug 29, 2007risk 0.04cvss —epss 0.10
Directory traversal vulnerability in activateuser.php in 2532|Gigs 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
- CVE-2007-4058Jul 30, 2007risk 0.04cvss —epss 0.09
Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll 2.2.5.42958 in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first argument to the StartProcess method.
- CVE-2007-4031Jul 27, 2007risk 0.04cvss —epss 0.08
Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via a .. (dot dot) in the argument to the deleteReport method, probably related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll.
- CVE-2007-4008Jul 26, 2007risk 0.04cvss —epss 0.10
Directory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter.
- CVE-2007-3487Jun 29, 2007risk 0.04cvss —epss 0.12
Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method.
- CVE-2007-1773Mar 30, 2007risk 0.04cvss —epss 0.07
Multiple directory traversal vulnerabilities in aBitWhizzy allow remote attackers to list arbitrary directories via a .. (dot dot) in the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php, different vectors than CVE-2006-6384.
- CVE-2007-1126Feb 27, 2007risk 0.04cvss —epss 0.07
Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
- CVE-2007-0205Jan 11, 2007risk 0.04cvss —epss 0.12
Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the lang directory, then referencing that file via the lang parameter to index.php, which passes a sanity check in livre_include.php.
- CVE-2006-6047Nov 22, 2006risk 0.04cvss —epss 0.17
Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
- CVE-2006-5846Nov 10, 2006risk 0.04cvss —epss 0.18
Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to read and include arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2006-5773.
- CVE-2006-5031Sep 27, 2006risk 0.04cvss —epss 0.07
Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename.
- CVE-2005-4600Dec 31, 2005risk 0.04cvss —epss 0.18
Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter.
- CVE-2005-2792Sep 2, 2005risk 0.04cvss —epss 0.14
Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter.
- CVE-2004-1444Dec 31, 2004risk 0.04cvss —epss 0.17
Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request.
- CVE-2004-1364Aug 4, 2004risk 0.04cvss —epss 0.15
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.
- CVE-2002-2403Dec 31, 2002risk 0.04cvss —epss 0.07
Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences.
- risk 0.03cvss —epss 0.00
Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Api/Rest/Handler/UserInfoHandler.Php. This issue affects CheckUser: from a3dc1bbcc33acbcca6831d6afaccbb1054c93a57, 0584eb2ad564648aa3ce9c555dd044dda02b55f4.
- CVE-2015-8357Dec 16, 2015risk 0.03cvss —epss 0.05
Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php.
- CVE-2015-1830Aug 19, 2015risk 0.03cvss —epss 0.86
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.