VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Abstraction: Base · Status: Stable · Likelihood of Exploit: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 12 of 275
  • CVE-2024-5153 · Critical · Jun 6, 2024
    risk 0.60 · cvss 9.1 · epss 0.01

    The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.15 via the 'dropzone_hash' parameter. This makes it possible for unauthenticated attackers to copy the contents of arbitrary files on the server,…

  • CVE-2024-27448 · Critical · Apr 5, 2024
    risk 0.60 · cvss 9.1 · epss 0.01

    MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file.

  • CVE-2018-15745 · High · Aug 30, 2018
    risk 0.60 · cvss 7.5 · epss 0.98

    Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.

  • CVE-2018-8780 · Critical · Apr 3, 2018
    risk 0.60 · cvss 9.1 · epss 0.10

    In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.

  • CVE-2017-1000028 · High · Jul 17, 2017
    risk 0.60 · cvss 7.5 · epss 0.99

    Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated directory traversal, which can be exploited by issuing a specially crafted HTTP GET request.

  • CVE-2016-6601 · High · Jan 23, 2017
    risk 0.60 · cvss 7.5 · epss 0.97

    Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.

  • CVE-2016-1000112 · Critical · Oct 6, 2016
    risk 0.60 · cvss 9.1 · epss 0.09

    Unauthenticated remote .jpg file upload in the contus-video-comments v1.0 WordPress plugin.

  • CVE-2009-0244 · High · Jan 21, 2009
    risk 0.60 · cvss 8.8 · epss 0.30

    Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and…

  • CVE-2026-54352 · Critical · Jun 22, 2026
    risk 0.59 · cvss n/a · epss 0.00

    `POST /api/pwa/process-zip` at `packages/server/src/api/routes/static.ts:24` accepts a builder-uploaded `.zip`, extracts it with `extract-zip@2.0.1` into a temp directory, then for each entry listed in `icons.json` validates the icon path, opens it, and streams the…

  • CVE-2026-45390 · Critical · Jun 15, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar(1) rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file…

  • CVE-2026-36500 · Critical · Jun 5, 2026
    risk 0.59 · cvss 9.1 · epss 0.01

    An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request.

  • CVE-2026-44650 · Critical · May 29, 2026
    risk 0.59 · cvss 9.1 · epss 0.01

    SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, POST /api/extensions/delete endpoint accepts extensionName: "." which bypasses…

  • CVE-2026-35174 · Critical · Apr 6, 2026
    risk 0.59 · cvss 9.1 · epss 0.01

    Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows…

  • CVE-2026-30282 · Critical · Mar 31, 2026
    risk 0.59 · cvss 9.0 · epss 0.00

    An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

  • CVE-2026-24457 · Critical · Mar 5, 2026
    risk 0.59 · cvss 9.1 · epss 0.01

    Unsafe parsing of OpenMQ's configuration allows a remote attacker to read arbitrary files from an MQ Broker's server. Full exploitation could read unauthorized files of the OpenMQ host OS. In some scenarios RCE could be achieved.

  • CVE-2025-68145 · Critical · Dec 17, 2025
    risk 0.59 · cvss 9.1 · epss 0.06

    In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually within that configured path. This could…

  • CVE-2025-48017 · Critical · May 20, 2025
    risk 0.59 · cvss 9.0 · epss 0.00

    Improper limitation of a pathname in the Circuit Provisioning and File Import applications allows modification and uploading of files.

  • CVE-2025-2749 · High · KEV · Mar 24, 2025
    risk 0.59 · cvss 7.2 · epss 0.04

    An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to…

  • CVE-2025-1127 · Critical · Feb 13, 2025
    risk 0.59 · cvss 9.1 · epss 0.01

    The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem.

  • CVE-2025-0851 · Critical · Jan 29, 2025
    risk 0.59 · cvss 9.8 · epss 0.23

    A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations.