VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 123 of 275
  • CVE-2025-54659MedMar 10, 2026
    risk 0.38cvss 5.8epss 0.00

    An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] vulnerability in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow an unauthenticated attacker to read…

  • CVE-2025-12002MedJan 17, 2026
    risk 0.38cvss 5.9epss 0.00

    The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sby_check_wp_submit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation.…

  • CVE-2025-59336MedSep 16, 2025
    risk 0.38cvss epss 0.00

    Luanox is a module host for Lua packages. Prior to 0.1.1, a file traversal vulnerability can cause potential denial of service by overwriting Phoenix runtime files. Package names like ../../package are not properly filtered and pass the validity check of the rockspec…

  • CVE-2025-55214MedAug 18, 2025
    risk 0.38cvss epss 0.00

    Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the…

  • CVE-2025-42970MedJul 8, 2025
    risk 0.38cvss 5.8epss 0.00

    SAPCAR improperly sanitizes the file paths while extracting SAPCAR archives. Due to this, an attacker could craft a malicious SAPCAR archive containing directory traversal sequences. When a high privileged victim extracts this malicious archive, it is then processed by SAPCAR on…

  • CVE-2025-4187MedJun 14, 2025
    risk 0.38cvss 5.9epss 0.01

    The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userpro_fbconnect() function. This makes it possible for unauthenticated attackers to read the contents of…

  • CVE-2025-3223MedMay 19, 2025
    risk 0.38cvss 5.9epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova WorkstationST on Windows (EGD Configuration Server modules) allows Path Traversal.This issue affects WorkstationST: WorkstationST V07.10.10C and earlier.

  • CVE-2025-31411MedApr 10, 2025
    risk 0.38cvss 5.9epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aribhour Linet ERP-Woocommerce Integration linet-erp-woocommerce-integration allows Path Traversal.This issue affects Linet ERP-Woocommerce Integration: from n/a through <= 3.5.12.

  • CVE-2025-31554MedApr 3, 2025
    risk 0.38cvss 5.9epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in docxpresso Docxpresso docxpresso allows Absolute Path Traversal.This issue affects Docxpresso: from n/a through <= 2.6.

  • CVE-2024-13894MedMar 6, 2025
    risk 0.38cvss epss 0.00

    Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to path traversal. When an affected device is connected to a mobile app, it opens a port 10000 enabling a user to download pictures shot at…

  • CVE-2025-1035MedFeb 18, 2025
    risk 0.38cvss 5.7epss 0.10

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Komtera Technolgies KLog Server allows Manipulating Web Input to File System Calls. This issue affects KLog Server: before 3.1.1.

  • CVE-2024-53586MedFeb 6, 2025
    risk 0.38cvss 5.3epss 0.02

    An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files,…

  • CVE-2024-55415MedJan 30, 2025
    risk 0.38cvss 5.7epss 0.15

    DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass.

  • CVE-2025-23562MedJan 22, 2025
    risk 0.38cvss 5.8epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in pitinca XLSXviewer xlsx-viewer allows Path Traversal.This issue affects XLSXviewer: from n/a through <= 2.1.1.

  • CVE-2024-42007MedJul 26, 2024
    risk 0.38cvss 5.8epss 0.01

    SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files.

  • CVE-2017-6020MedApr 17, 2018
    risk 0.38cvss 5.3epss 0.09

    Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level.

  • CVE-2017-9965MedJan 2, 2018
    risk 0.38cvss 5.8epss 0.05

    An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files.

  • CVE-2017-6805MedMar 20, 2017
    risk 0.38cvss 5.3epss 0.08

    Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command.

  • CVE-2026-39468MedJun 15, 2026
    risk 0.37cvss 6.8epss 0.00

    Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework <= 5.11.1 versions.

  • CVE-2026-45775MedJun 12, 2026
    risk 0.37cvss 6.8epss 0.00

    Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a path traversal vulnerability in Discourse backup handling could allow an authenticated administrator…