CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (3,734)
page 121 of 187| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2010-2033 | 0.03 | — | 0.01 | May 25, 2010 | Directory traversal vulnerability in the Percha Multicategory Article (com_perchacategoriestree) component 0.6 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | ||
| CVE-2010-2018 | 0.03 | — | 0.00 | May 24, 2010 | Directory traversal vulnerability in downlot.php in Lokomedia CMS 1.4.1 and 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | ||
| CVE-2010-1999 | 0.03 | — | 0.02 | May 20, 2010 | Directory traversal vulnerability in scr/soustab.php in OpenMairie Opencatalogue 1.024, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. | ||
| CVE-2010-1983 | 0.03 | — | 0.01 | May 19, 2010 | Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information. | ||
| CVE-2010-1982 | 0.03 | — | 0.03 | May 19, 2010 | Directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. | ||
| CVE-2010-1981 | 0.03 | — | 0.02 | May 19, 2010 | Directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | ||
| CVE-2010-1979 | 0.03 | — | 0.02 | May 19, 2010 | Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | ||
| CVE-2010-1977 | 0.03 | — | 0.05 | May 19, 2010 | Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | ||
| CVE-2010-1948 | 0.03 | — | 0.02 | May 19, 2010 | Directory traversal vulnerability in scr/soustab.php in openMairie Openfoncier 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. | ||
| CVE-2010-1947 | 0.03 | — | 0.03 | May 19, 2010 | Directory traversal vulnerability in scr/soustab.php in openMairie Openregistrecil 1.02, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter. NOTE: this may be related to CVE-2007-2069. | ||
| CVE-2010-1957 | 0.03 | — | 0.06 | May 19, 2010 | Directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | ||
| CVE-2010-1956 | 0.03 | — | 0.03 | May 19, 2010 | Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | ||
| CVE-2010-1955 | 0.03 | — | 0.02 | May 19, 2010 | Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | ||
| CVE-2010-1954 | 0.03 | — | 0.06 | May 19, 2010 | Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | ||
| CVE-2010-1953 | 0.03 | — | 0.02 | May 19, 2010 | Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | ||
| CVE-2010-1952 | 0.03 | — | 0.03 | May 19, 2010 | Directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | ||
| CVE-2010-1951 | 0.03 | — | 0.02 | May 19, 2010 | Multiple directory traversal vulnerabilities in 60cycleCMS allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the DOCUMENT_ROOT parameter to (1) news.php, (2) submitComment.php, and (3) sqlConnect.php. | ||
| CVE-2010-1936 | 0.03 | — | 0.02 | May 12, 2010 | Directory traversal vulnerability in scr/soustab.php in openMairie openComInterne 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. | ||
| CVE-2010-1935 | 0.03 | — | 0.02 | May 12, 2010 | Directory traversal vulnerability in scr/soustab.php in openMairie Openpresse 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. | ||
| CVE-2010-1928 | 0.03 | — | 0.02 | May 12, 2010 | Directory traversal vulnerability in scr/soustab.php in openMairie openPlanning 1.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. |
- CVE-2010-2033May 25, 2010risk 0.03cvss —epss 0.01
Directory traversal vulnerability in the Percha Multicategory Article (com_perchacategoriestree) component 0.6 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
- CVE-2010-2018May 24, 2010risk 0.03cvss —epss 0.00
Directory traversal vulnerability in downlot.php in Lokomedia CMS 1.4.1 and 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
- CVE-2010-1999May 20, 2010risk 0.03cvss —epss 0.02
Directory traversal vulnerability in scr/soustab.php in OpenMairie Opencatalogue 1.024, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
- CVE-2010-1983May 19, 2010risk 0.03cvss —epss 0.01
Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information.
- CVE-2010-1982May 19, 2010risk 0.03cvss —epss 0.03
Directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
- CVE-2010-1981May 19, 2010risk 0.03cvss —epss 0.02
Directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
- CVE-2010-1979May 19, 2010risk 0.03cvss —epss 0.02
Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
- CVE-2010-1977May 19, 2010risk 0.03cvss —epss 0.05
Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
- CVE-2010-1948May 19, 2010risk 0.03cvss —epss 0.02
Directory traversal vulnerability in scr/soustab.php in openMairie Openfoncier 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
- CVE-2010-1947May 19, 2010risk 0.03cvss —epss 0.03
Directory traversal vulnerability in scr/soustab.php in openMairie Openregistrecil 1.02, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter. NOTE: this may be related to CVE-2007-2069.
- CVE-2010-1957May 19, 2010risk 0.03cvss —epss 0.06
Directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
- CVE-2010-1956May 19, 2010risk 0.03cvss —epss 0.03
Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
- CVE-2010-1955May 19, 2010risk 0.03cvss —epss 0.02
Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
- CVE-2010-1954May 19, 2010risk 0.03cvss —epss 0.06
Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
- CVE-2010-1953May 19, 2010risk 0.03cvss —epss 0.02
Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
- CVE-2010-1952May 19, 2010risk 0.03cvss —epss 0.03
Directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
- CVE-2010-1951May 19, 2010risk 0.03cvss —epss 0.02
Multiple directory traversal vulnerabilities in 60cycleCMS allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the DOCUMENT_ROOT parameter to (1) news.php, (2) submitComment.php, and (3) sqlConnect.php.
- CVE-2010-1936May 12, 2010risk 0.03cvss —epss 0.02
Directory traversal vulnerability in scr/soustab.php in openMairie openComInterne 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
- CVE-2010-1935May 12, 2010risk 0.03cvss —epss 0.02
Directory traversal vulnerability in scr/soustab.php in openMairie Openpresse 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
- CVE-2010-1928May 12, 2010risk 0.03cvss —epss 0.02
Directory traversal vulnerability in scr/soustab.php in openMairie openPlanning 1.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.