CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 116 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-2830 | Med | 0.41 | 6.3 | 0.00 | Apr 15, 2025 | By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive… | ||
| CVE-2024-41373 | Med | 0.41 | 6.3 | 0.00 | Jul 26, 2024 | ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-versions-preview-loader.php. | ||
| CVE-2024-5824 | Hig | 0.41 | 7.4 | 0.00 | Jun 27, 2024 | A path traversal vulnerability in the `/set_personality_config` endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the `configs/config.yaml` file. This can lead to remote code execution by changing server configuration properties such as… | ||
| CVE-2024-23793 | Med | 0.41 | 6.3 | 0.01 | Jun 6, 2024 | The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of… | ||
| CVE-2024-29180 | Hig | 0.41 | 7.4 | 0.01 | Mar 21, 2024 | Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. The middleware can… | ||
| CVE-2023-5189 | Med | 0.41 | 6.3 | 0.01 | Nov 14, 2023 | A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten. | ||
| CVE-2023-1800 | Hig | 0.41 | 7.3 | 0.04 | Apr 2, 2023 | A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack… | ||
| CVE-2022-48285 | — | Hig | 0.41 | 7.3 | 0.01 | Jan 29, 2023 | loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. | |
| CVE-2022-46178 | Hig | 0.41 | 7.4 | 0.01 | Dec 29, 2022 | MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a file, but do not validate the file name, which may lead to upload file to any path.… | ||
| CVE-2021-32840 | Hig | 0.41 | 7.3 | 0.02 | Jan 26, 2022 | SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in… | ||
| CVE-2021-3907 | Hig | 0.41 | 7.4 | 0.04 | Nov 11, 2021 | OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution… | ||
| CVE-2021-41127 | Hig | 0.41 | 7.3 | 0.01 | Oct 21, 2021 | Rasa is an open source machine learning framework to automate text-and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model `tar.gz` file which allows a malicious actor to craft a `model.tar.gz` file which can… | ||
| CVE-2018-16133 | Med | 0.41 | 5.3 | 0.39 | Aug 29, 2018 | Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI. | ||
| CVE-2014-8676 | Med | 0.41 | 5.3 | 0.41 | Aug 31, 2017 | Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter. | ||
| CVE-2016-10039 | Hig | 0.41 | 7.3 | 0.02 | Dec 24, 2016 | Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles. | ||
| CVE-2016-10038 | Hig | 0.41 | 7.3 | 0.02 | Dec 24, 2016 | Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove. | ||
| CVE-2016-10037 | Hig | 0.41 | 7.3 | 0.02 | Dec 24, 2016 | Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist. | ||
| CVE-2022-50953 | Med | 0.40 | 6.2 | 0.00 | Jun 8, 2026 | WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path… | ||
| CVE-2026-0055 | Med | 0.40 | 6.2 | 0.00 | Jun 1, 2026 | In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User… | ||
| CVE-2026-31379 | Med | 0.40 | 6.1 | 0.01 | May 19, 2026 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects… |
- risk 0.41cvss 6.3epss 0.00
By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive…
- risk 0.41cvss 6.3epss 0.00
ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-versions-preview-loader.php.
- risk 0.41cvss 7.4epss 0.00
A path traversal vulnerability in the `/set_personality_config` endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the `configs/config.yaml` file. This can lead to remote code execution by changing server configuration properties such as…
- risk 0.41cvss 6.3epss 0.01
The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of…
- risk 0.41cvss 7.4epss 0.01
Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. The middleware can…
- risk 0.41cvss 6.3epss 0.01
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.
- risk 0.41cvss 7.3epss 0.04
A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack…
- risk 0.41cvss 7.3epss 0.01
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
- risk 0.41cvss 7.4epss 0.01
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a file, but do not validate the file name, which may lead to upload file to any path.…
- risk 0.41cvss 7.3epss 0.02
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in…
- risk 0.41cvss 7.4epss 0.04
OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution…
- risk 0.41cvss 7.3epss 0.01
Rasa is an open source machine learning framework to automate text-and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model `tar.gz` file which allows a malicious actor to craft a `model.tar.gz` file which can…
- risk 0.41cvss 5.3epss 0.39
Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI.
- risk 0.41cvss 5.3epss 0.41
Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
- risk 0.41cvss 7.3epss 0.02
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles.
- risk 0.41cvss 7.3epss 0.02
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove.
- risk 0.41cvss 7.3epss 0.02
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist.
- risk 0.40cvss 6.2epss 0.00
WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path…
- risk 0.40cvss 6.2epss 0.00
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User…
- risk 0.40cvss 6.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects…