VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 133 of 275
  • CVE-2025-7628MedJul 14, 2025
    risk 0.35cvss 5.4epss 0.01

    A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. It has been classified as critical. This affects the function deleteFile of the file /deleteFile. The manipulation of the argument fileName leads to path traversal. It is…

  • CVE-2025-7450MedJul 11, 2025
    risk 0.35cvss 5.4epss 0.00

    A vulnerability was found in letseeqiji gorobbs up to 1.0.8. It has been classified as critical. This affects the function ResetUserAvatar of the file controller/api/v1/user.go of the component API. The manipulation of the argument filename leads to path traversal. It is…

  • CVE-2025-7108MedJul 7, 2025
    risk 0.35cvss 5.4epss 0.00

    A vulnerability classified as critical was found in risesoft-y9 Digital-Infrastructure up to 9.6.7. Affected by this vulnerability is the function deleteFile of the file /Digital-Infrastructure-9.6.7/y9-digitalbase-webapp/y9-module-filemanager/risenet-y9boot-webapp-filemanager/sr…

  • CVE-2025-53358MedJul 2, 2025
    risk 0.35cvss 6.5epss 0.00

    kotaemon is an open-source RAG-based tool for document comprehension. From versions 0.10.6 and prior, in libs/ktem/ktem/index/file/ui.py, the index_fn method accepts both URLs and local file paths without validation. The pipeline streams these paths directly and stores them,…

  • CVE-2025-5981MedJun 18, 2025
    risk 0.35cvss 6.5epss 0.00

    Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.

  • CVE-2025-5029MedMay 21, 2025
    risk 0.35cvss 5.4epss 0.00

    A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Affected by this vulnerability is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file…

  • CVE-2025-32950MedApr 22, 2025
    risk 0.35cvss 6.5epss 0.01

    Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the…

  • CVE-2025-32779MedApr 15, 2025
    risk 0.35cvss 6.5epss 0.01

    E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. In versions before 5.5.0, an attacker with access to the `/backup/import` API endpoint can write arbitrary files to locations outside the intended extraction directory due to a Zip…

  • CVE-2025-3043MedApr 1, 2025
    risk 0.35cvss 5.3epss 0.01

    A vulnerability, which was classified as critical, has been found in GuoMinJim PersonManage 1.0. This issue affects the function preHandle of the file /login/. The manipulation of the argument Request leads to path traversal. The attack may be initiated remotely. The exploit has…

  • CVE-2025-3048MedMar 31, 2025
    risk 0.35cvss 6.5epss 0.01

    After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) which include symlinks, the content of those symlinks are copied to the cache of the local workspace as regular files or directories. As a result, a user who does not have access to…

  • CVE-2025-3047MedMar 31, 2025
    risk 0.35cvss 6.5epss 0.01

    When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions…

  • CVE-2024-12217MedMar 20, 2025
    risk 0.35cvss 5.3epss 0.01

    A vulnerability in the gradio-app/gradio repository, version git 67e4044, allows for path traversal on Windows OS. The implementation of the blocked_path functionality, which is intended to disallow users from reading certain files, is flawed. Specifically, while the application…

  • CVE-2024-13897MedMar 6, 2025
    risk 0.35cvss 6.5epss 0.01

    The Moving Media Library plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the generate_json_page function in all versions up to, and including, 1.22. This makes it possible for authenticated attackers, with…

  • CVE-2025-1743MedFeb 27, 2025
    risk 0.35cvss 5.3epss 0.02

    A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. This affects an unknown part of the file /index.php?mod=textviewer. The manipulation of the argument src leads to path traversal. It is possible to initiate the attack remotely. The exploit…

  • CVE-2024-56142MedDec 17, 2024
    risk 0.35cvss 6.5epss 0.00

    pghoard is a PostgreSQL backup daemon and restore tooling that stores backup data in cloud object stores. A vulnerability has been discovered that could allow an attacker to acquire disk access with privileges equivalent to those of pghoard, allowing for unintended path…

  • CVE-2024-51751MedNov 6, 2024
    risk 0.35cvss 6.5epss 0.01

    Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to…

  • CVE-2024-47164MedOct 10, 2024
    risk 0.35cvss 6.5epss 0.01

    Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the **bypass of directory traversal checks** within the `is_in_or_equal` function. This function, intended to check if a file resides within a given directory, can be bypassed…

  • CVE-2024-47818MedOct 7, 2024
    risk 0.35cvss 6.5epss 0.01

    Saltcorn is an extensible, open source, no-code database application builder. A logged-in user with any role can delete arbitrary files on the filesystem by calling the `sync/clean_sync_dir` endpoint. The `dir_name` POST parameter is not validated/sanitized and is used to…

  • CVE-2024-46977MedOct 2, 2024
    risk 0.35cvss 6.5epss 0.01

    OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's open_local_file method allows an authenticated user with adequate permissions to download any .txt via the…

  • CVE-2024-9224MedOct 1, 2024
    risk 0.35cvss 6.5epss 0.01

    The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of…