VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 129 of 275
  • CVE-2016-7842MedApr 28, 2017
    risk 0.36cvss 5.5epss 0.03

    Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file.

  • CVE-2017-7461MedApr 11, 2017
    risk 0.36cvss 4.9epss 0.11

    Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not…

  • CVE-2016-4314MedFeb 17, 2017
    risk 0.36cvss 4.9epss 0.12

    Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp.

  • CVE-2016-7569MedJan 27, 2017
    risk 0.36cvss 5.5epss 0.03

    Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image.

  • CVE-2016-4004MedApr 12, 2016
    risk 0.36cvss 4.9epss 0.09

    Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.

  • CVE-2010-0481MedApr 14, 2010
    risk 0.36cvss 5.5epss 0.02

    The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application,…

  • CVE-2026-11769MedJun 13, 2026
    risk 0.35cvss epss 0.00

    We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. ### Summary The Grafana Operator supports loading dashboards & library panels…

  • CVE-2026-53825MedJun 12, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers with operator.write access can specify…

  • CVE-2026-49818MedJun 9, 2026
    risk 0.35cvss 6.5epss 0.01

    The Apache Airflow Samba provider's `GCSToSambaOperator` joined GCS object names to the SMB destination path without a containment check, so an object named with `../` segments resolved a write path outside the configured `destination_path`. An attacker able to write objects…

  • CVE-2026-41972MedJun 9, 2026
    risk 0.35cvss 5.4epss 0.00

    Path traversal vulnerability in the SMS app. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-11467MedJun 8, 2026
    risk 0.35cvss 5.4epss 0.00

    A security vulnerability has been detected in jishenghua jshERP up to 3.6. This vulnerability affects the function addAccountHeadAndDetail of the file jshERP-boot/src/main/java/com/jsh/erp/service/AccountHeadService.java of the component addAccountHeadAndDetail Endpoint. Such…

  • CVE-2026-46397MedJun 5, 2026
    risk 0.35cvss 6.5epss 0.00

    HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an Authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the…

  • CVE-2026-10213MedJun 1, 2026
    risk 0.35cvss 5.4epss 0.00

    A security flaw has been discovered in AstrBotDevs AstrBot 4.23.6. This vulnerability affects unknown code of the file /api/skills/delete of the component API Endpoint. Performing a manipulation of the argument Name results in path traversal. The attack can be initiated…

  • CVE-2026-44353MedMay 27, 2026
    risk 0.35cvss 6.5epss 0.00

    Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list…

  • CVE-2026-47118MedMay 27, 2026
    risk 0.35cvss 6.5epss 0.00

    Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is…

  • CVE-2026-45008MedMay 15, 2026
    risk 0.35cvss 6.5epss 0.00

    phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCE_DELETE permission to delete arbitrary directories. Attackers can submit traversal sequences like https://../../../ in the client URL parameter to…

  • CVE-2026-6670MedMay 14, 2026
    risk 0.35cvss 6.5epss 0.01

    The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'sub_dir' and 'media_items' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal…

  • CVE-2026-44440MedMay 13, 2026
    risk 0.35cvss 6.5epss 0.00

    ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0, an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability on an endpoint allows an authenticated adjacent attacker to read arbitrary files.…

  • CVE-2026-22677MedMay 13, 2026
    risk 0.35cvss 6.5epss 0.00

    Hermes WebUI prior to 0.51.44 contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted session with an unrestricted workspace value. Attackers can supply a blocked filesystem root in…

  • CVE-2026-31156MedMay 13, 2026
    risk 0.35cvss 6.5epss 0.00

    A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled from glue_generator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are…