VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Base · Stable · Likelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 13 of 275
  • CVE-2025-22152 · Critical · Jan 10, 2025
    risk 0.59 · cvss 9.1 · epss 0.01

    Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on the server. These vulnerabilities can be exploited through…

  • CVE-2024-11992 · Critical · Nov 29, 2024
    risk 0.59 · cvss 9.1 · epss 0.01

    Absolute path traversal vulnerability in Quick.CMS, version 6.7, the exploitation of which could allow remote users to bypass the intended restrictions and download any file if it has the appropriate permissions outside of documentroot configured on the server via the…

  • CVE-2024-39619 · Critical · Aug 1, 2024
    risk 0.59 · cvss 9.0 · epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File Inclusion. This issue affects ListingPro: from n/a through <= 2.9.4.

  • CVE-2024-2024 · High · Jun 14, 2024
    risk 0.59 · cvss 8.8 · epss 0.03

    The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and…

  • CVE-2024-33560 · Critical · Jun 4, 2024
    risk 0.59 · cvss 9.0 · epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 8theme XStore allows PHP Local File Inclusion. This issue affects XStore: from n/a through 9.3.8.

  • CVE-2024-31231 · Critical · May 17, 2024
    risk 0.59 · cvss 9.0 · epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion. This issue affects Rehub: from n/a through 19.6.1.

  • CVE-2023-32297 · Critical · May 17, 2024
    risk 0.59 · cvss 9.0 · epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LWS LWS Affiliation allows PHP Local File Inclusion. This issue affects LWS Affiliation: from n/a through 2.2.6.

  • CVE-2024-4956 · High · May 16, 2024
    risk 0.59 · cvss 7.5 · epss 0.18

    Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.

  • CVE-2024-4701 · Critical · May 14, 2024
    risk 0.59 · cvss 9.9 · epss 0.25

    A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18.

  • CVE-2024-0221 · Critical · Feb 5, 2024
    risk 0.59 · cvss 9.1 · epss 0.01

    The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This makes it possible for authenticated attackers to rename arbitrary files on the…

  • CVE-2023-6699 · Critical · Jan 11, 2024
    risk 0.59 · cvss 9.1 · epss 0.01

    The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the…

  • CVE-2023-5414 · Critical · Oct 20, 2023
    risk 0.59 · cvss 9.1 · epss 0.01

    The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive…

  • CVE-2018-14912 · High · Aug 3, 2018
    risk 0.59 · cvss 7.5 · epss 0.93

    cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.

  • CVE-2018-6677 · Critical · Jul 23, 2018
    risk 0.59 · cvss 9.1 · epss 0.02

    Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.

  • CVE-2018-7442 · Critical · Feb 23, 2018
    risk 0.59 · cvss 9.1 · epss 0.02

    An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite.

  • CVE-2017-8961 · High · Feb 15, 2018
    risk 0.59 · cvss 8.8 · epss 0.19

    A directory traversal vulnerability in HPE Intelligent Management Center (IMC) PLAT 7.3 E0504P02 could allow remote code execution.

  • CVE-2017-10861 · Critical · Dec 1, 2017
    risk 0.59 · cvss 9.1 · epss 0.02

    Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command.

  • CVE-2017-16806 · High · Nov 13, 2017
    risk 0.59 · cvss 7.5 · epss 0.92

    The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal.

  • CVE-2017-8805 · Critical · Oct 17, 2017
    risk 0.59 · cvss 9.1 · epss 0.03

    Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror.

  • CVE-2014-3702 · Critical · Oct 16, 2017
    risk 0.59 · cvss 9.1 · epss 0.02

    Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a .. (dot dot) in the session parameter.