VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 118 of 275
  • CVE-2025-15066MedDec 29, 2025
    risk 0.40cvss 6.2epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Missing Authorization vulnerability in Innorix WP allows Path Traversal.This issue affects Innorix WP from All versions If the "exam" directory exists under the directory where the product is…

  • CVE-2025-57811HigAug 25, 2025
    risk 0.40cvss 7.2epss 0.01

    Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability via Twig SSTI (Server-Side Template Injection). This is a follow-up to CVE-2024-52293. This vulnerability has…

  • CVE-2025-54433HigJul 30, 2025
    risk 0.40cvss epss 0.01

    Bugsink is a self-hosted error tracking service. In versions 1.4.2 and below, 1.5.0 through 1.5.4, 1.6.0 through 1.6.3, and 1.7.0 through 1.7.3, ingestion paths construct file locations directly from untrusted event_id input without validation. A specially crafted event_id can…

  • CVE-2025-53110HigJul 2, 2025
    risk 0.40cvss epss 0.01

    Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files in cases where the prefix matches an allowed directory. Users are advised…

  • CVE-2025-40592MedJun 12, 2025
    risk 0.40cvss 6.1epss 0.00

    A vulnerability has been identified in Mendix Studio Pro 10 (All versions < V10.23.0), Mendix Studio Pro 10.12 (All versions < V10.12.17), Mendix Studio Pro 10.18 (All versions < V10.18.7), Mendix Studio Pro 10.6 (All versions < V10.6.24), Mendix Studio Pro 11 (All versions <…

  • CVE-2025-4206HigMay 9, 2025
    risk 0.40cvss 7.2epss 0.01

    The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'process_export_delete' and 'process_import_delete' functions in all versions…

  • CVE-2025-29787HigMar 17, 2025
    risk 0.40cvss epss 0.01

    `zip` is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the `zip` crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive are allowed to be used…

  • CVE-2025-27101HigMar 11, 2025
    risk 0.40cvss epss 0.01

    Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including files which the user should not have…

  • CVE-2024-13910HigMar 1, 2025
    risk 0.40cvss 7.2epss 0.01

    The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'database_backup_ajax_delete' function in all versions up to, and including, 2.35. This makes it…

  • CVE-2024-11010HigDec 7, 2024
    risk 0.40cvss 7.2epss 0.01

    The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.1.4 via the 'default_lang' parameter. This makes it possible for authenticated attackers, with…

  • CVE-2024-52293HigNov 13, 2024
    risk 0.40cvss 7.2epss 0.01

    Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in…

  • CVE-2024-6281HigJul 20, 2024
    risk 0.40cvss 7.3epss 0.00

    A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms versions prior to 9.5.1. The `sanitize_path` function does not adequately secure the `discussion_db_name` parameter, allowing attackers to manipulate the path and potentially write to…

  • CVE-2024-5821MedJul 3, 2024
    risk 0.40cvss 6.2epss 0.00

    The vulnerability allows an attacker to access sensitive files on the server by confusing the agent with incorrect file names. When a user requests the content of a file with a misspelled name, the agent attempts to correct the command and inadvertently reveals the content of…

  • CVE-2024-1629MedMay 14, 2024
    risk 0.40cvss 6.2epss 0.00

    Path traversal vulnerability in “deleteFiles” function of Common Service Desktop, a GE HealthCare ultrasound device component

  • CVE-2024-0406MedApr 6, 2024
    risk 0.40cvss 6.1epss 0.01

    A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or…

  • CVE-2024-27081HigFeb 26, 2024
    risk 0.40cvss 7.2epss 0.02

    ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 (command line installation) allows authenticated remote attackers to read and write arbitrary files under the…

  • CVE-2024-22415HigJan 18, 2024
    risk 0.40cvss 7.3epss 0.00

    jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control (on the operating…

  • CVE-2023-3172HigJun 9, 2023
    risk 0.40cvss 7.2epss 0.01

    Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20.

  • CVE-2021-41143HigJan 27, 2023
    risk 0.40cvss 7.2epss 0.01

    OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue.

  • CVE-2019-25075MedAug 23, 2022
    risk 0.40cvss 6.1epss 0.01

    HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request.