CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (3,719)
page 130 of 186| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2009-2313 | 0.03 | — | 0.02 | Jul 2, 2009 | Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter. | ||
| CVE-2008-6843 | 0.03 | — | 0.01 | Jul 2, 2009 | Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter. | ||
| CVE-2008-6842 | 0.03 | — | 0.03 | Jul 2, 2009 | Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the post parameter. | ||
| CVE-2009-2275 | 0.03 | — | 0.01 | Jul 1, 2009 | Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter. | ||
| CVE-2009-2263 | 0.03 | — | 0.01 | Jun 30, 2009 | Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | ||
| CVE-2009-2258 | 0.03 | — | 0.05 | Jun 30, 2009 | Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter. | ||
| CVE-2009-2223 | 0.03 | — | 0.02 | Jun 26, 2009 | Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cwd parameter. NOTE: remote file inclusion attacks may be possible. | ||
| CVE-2009-2220 | 0.03 | — | 0.03 | Jun 26, 2009 | Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and possibly execute arbitrary files via directory traversal sequences in the template_path parameter to (1) masthead.inc.php, (2) toppanel.inc.php, and (3) contact.inc.php in templates/mytribiqsite/tribiq-CL-9000/includes; and the use_template_family parameter to (4) templates/mytribiqsite/tribiq-CL-9000/includes/nlarlist_content.inc.php. NOTE: the tribal-GPL-1066/includes/header.inc.php vector is already covered by CVE-2008-4894. | ||
| CVE-2009-2184 | 0.03 | — | 0.03 | Jun 23, 2009 | Absolute path traversal vulnerability in forcedownload.php in Gravy Media Photo Host 1.0.8 allows remote attackers to read arbitrary files via an encoded "/" (slash) in the file parameter. | ||
| CVE-2009-2183 | 0.03 | — | 0.01 | Jun 23, 2009 | Directory traversal vulnerability in admin-files/ad.php in Campsite 3.3.0 RC1 allows remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the GLOBALS[g_campsiteDir] parameter. | ||
| CVE-2009-2180 | 0.03 | — | 0.01 | Jun 23, 2009 | Multiple directory traversal vulnerabilities in upfiles/index.php in Pc4 Uploader 10.0 and earlier allow remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) absolute path in the file parameter. | ||
| CVE-2009-2177 | 0.03 | — | 0.02 | Jun 23, 2009 | code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a "....//" (dot dot) in the s parameter, which is collapsed into a "../" value. | ||
| CVE-2009-2176 | 0.03 | — | 0.04 | Jun 23, 2009 | Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) list parameter to code/confirm.php and the (2) template parameter to code/display.php. | ||
| CVE-2009-2166 | 0.03 | — | 0.03 | Jun 22, 2009 | Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter. | ||
| CVE-2008-6834 | 0.03 | — | 0.03 | Jun 22, 2009 | Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 and 3.01a allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the s parameter to code/commupdate.php in a count action or (2) the heads parameter to code/newsheads.php. NOTE: the blog.php vector is already covered by CVE-2008-3164. | ||
| CVE-2008-6833 | 0.03 | — | 0.02 | Jun 22, 2009 | Directory traversal vulnerability in commsrss.php in fuzzylime (cms) before 3.01b allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a files array element for a blogs action, as demonstrated by the files[0] parameter. | ||
| CVE-2009-2151 | 0.03 | — | 0.03 | Jun 22, 2009 | Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the newlang parameter. | ||
| CVE-2009-2132 | 0.03 | — | 0.03 | Jun 19, 2009 | Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter. | ||
| CVE-2009-2124 | 0.03 | — | 0.02 | Jun 19, 2009 | Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. | ||
| CVE-2009-2116 | 0.03 | — | 0.01 | Jun 18, 2009 | Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to list directory contents via a .. (dot dot) in the dir parameter. |
- CVE-2009-2313Jul 2, 2009risk 0.03cvss —epss 0.02
Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter.
- CVE-2008-6843Jul 2, 2009risk 0.03cvss —epss 0.01
Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter.
- CVE-2008-6842Jul 2, 2009risk 0.03cvss —epss 0.03
Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the post parameter.
- CVE-2009-2275Jul 1, 2009risk 0.03cvss —epss 0.01
Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter.
- CVE-2009-2263Jun 30, 2009risk 0.03cvss —epss 0.01
Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
- CVE-2009-2258Jun 30, 2009risk 0.03cvss —epss 0.05
Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter.
- CVE-2009-2223Jun 26, 2009risk 0.03cvss —epss 0.02
Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cwd parameter. NOTE: remote file inclusion attacks may be possible.
- CVE-2009-2220Jun 26, 2009risk 0.03cvss —epss 0.03
Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and possibly execute arbitrary files via directory traversal sequences in the template_path parameter to (1) masthead.inc.php, (2) toppanel.inc.php, and (3) contact.inc.php in templates/mytribiqsite/tribiq-CL-9000/includes; and the use_template_family parameter to (4) templates/mytribiqsite/tribiq-CL-9000/includes/nlarlist_content.inc.php. NOTE: the tribal-GPL-1066/includes/header.inc.php vector is already covered by CVE-2008-4894.
- CVE-2009-2184Jun 23, 2009risk 0.03cvss —epss 0.03
Absolute path traversal vulnerability in forcedownload.php in Gravy Media Photo Host 1.0.8 allows remote attackers to read arbitrary files via an encoded "/" (slash) in the file parameter.
- CVE-2009-2183Jun 23, 2009risk 0.03cvss —epss 0.01
Directory traversal vulnerability in admin-files/ad.php in Campsite 3.3.0 RC1 allows remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the GLOBALS[g_campsiteDir] parameter.
- CVE-2009-2180Jun 23, 2009risk 0.03cvss —epss 0.01
Multiple directory traversal vulnerabilities in upfiles/index.php in Pc4 Uploader 10.0 and earlier allow remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) absolute path in the file parameter.
- CVE-2009-2177Jun 23, 2009risk 0.03cvss —epss 0.02
code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a "....//" (dot dot) in the s parameter, which is collapsed into a "../" value.
- CVE-2009-2176Jun 23, 2009risk 0.03cvss —epss 0.04
Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) list parameter to code/confirm.php and the (2) template parameter to code/display.php.
- CVE-2009-2166Jun 22, 2009risk 0.03cvss —epss 0.03
Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter.
- CVE-2008-6834Jun 22, 2009risk 0.03cvss —epss 0.03
Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 and 3.01a allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the s parameter to code/commupdate.php in a count action or (2) the heads parameter to code/newsheads.php. NOTE: the blog.php vector is already covered by CVE-2008-3164.
- CVE-2008-6833Jun 22, 2009risk 0.03cvss —epss 0.02
Directory traversal vulnerability in commsrss.php in fuzzylime (cms) before 3.01b allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a files array element for a blogs action, as demonstrated by the files[0] parameter.
- CVE-2009-2151Jun 22, 2009risk 0.03cvss —epss 0.03
Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the newlang parameter.
- CVE-2009-2132Jun 19, 2009risk 0.03cvss —epss 0.03
Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter.
- CVE-2009-2124Jun 19, 2009risk 0.03cvss —epss 0.02
Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter.
- CVE-2009-2116Jun 18, 2009risk 0.03cvss —epss 0.01
Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to list directory contents via a .. (dot dot) in the dir parameter.