VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 116 of 275
  • CVE-2025-2830MedApr 15, 2025
    risk 0.41cvss 6.3epss 0.00

    By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive…

  • CVE-2024-41373MedJul 26, 2024
    risk 0.41cvss 6.3epss 0.00

    ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-versions-preview-loader.php.

  • CVE-2024-5824HigJun 27, 2024
    risk 0.41cvss 7.4epss 0.00

    A path traversal vulnerability in the `/set_personality_config` endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the `configs/config.yaml` file. This can lead to remote code execution by changing server configuration properties such as…

  • CVE-2024-23793MedJun 6, 2024
    risk 0.41cvss 6.3epss 0.01

    The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of…

  • CVE-2024-29180HigMar 21, 2024
    risk 0.41cvss 7.4epss 0.01

    Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. The middleware can…

  • CVE-2023-5189MedNov 14, 2023
    risk 0.41cvss 6.3epss 0.01

    A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.

  • CVE-2023-1800HigApr 2, 2023
    risk 0.41cvss 7.3epss 0.04

    A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack…

  • CVE-2022-48285HigJan 29, 2023
    risk 0.41cvss 7.3epss 0.01

    loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.

  • CVE-2022-46178HigDec 29, 2022
    risk 0.41cvss 7.4epss 0.01

    MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a file, but do not validate the file name, which may lead to upload file to any path.…

  • CVE-2021-32840HigJan 26, 2022
    risk 0.41cvss 7.3epss 0.02

    SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in…

  • CVE-2021-3907HigNov 11, 2021
    risk 0.41cvss 7.4epss 0.04

    OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution…

  • CVE-2021-41127HigOct 21, 2021
    risk 0.41cvss 7.3epss 0.01

    Rasa is an open source machine learning framework to automate text-and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model `tar.gz` file which allows a malicious actor to craft a `model.tar.gz` file which can…

  • CVE-2018-16133MedAug 29, 2018
    risk 0.41cvss 5.3epss 0.39

    Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI.

  • CVE-2014-8676MedAug 31, 2017
    risk 0.41cvss 5.3epss 0.41

    Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.

  • CVE-2016-10039HigDec 24, 2016
    risk 0.41cvss 7.3epss 0.02

    Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles.

  • CVE-2016-10038HigDec 24, 2016
    risk 0.41cvss 7.3epss 0.02

    Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove.

  • CVE-2016-10037HigDec 24, 2016
    risk 0.41cvss 7.3epss 0.02

    Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist.

  • CVE-2022-50953MedJun 8, 2026
    risk 0.40cvss 6.2epss 0.00

    WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path…

  • CVE-2026-0055MedJun 1, 2026
    risk 0.40cvss 6.2epss 0.00

    In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2026-31379MedMay 19, 2026
    risk 0.40cvss 6.1epss 0.01

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects…