VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 134 of 275
  • CVE-2024-8163MedAug 26, 2024
    risk 0.35cvss 5.4epss 0.01

    A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files results in path traversal. It is possible to launch the…

  • CVE-2024-42474MedAug 12, 2024
    risk 0.35cvss 6.5epss 0.01

    Streamlit is a data oriented application development framework for python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when…

  • CVE-2024-3934MedJul 20, 2024
    risk 0.35cvss 6.5epss 0.01

    The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in versions 7.3.0 to 7.5.1 via the mercadopagoDownloadLog function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download and read the…

  • CVE-2024-39178MedJul 5, 2024
    risk 0.35cvss 5.4epss 0.00

    MyPower vc8100 V100R001C00B030 was discovered to contain an arbitrary file read vulnerability via the component /tcpdump/tcpdump.php?menu_uuid.

  • CVE-2023-49793MedJun 24, 2024
    risk 0.35cvss 6.5epss 0.01

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of `CodeChecker store` are not properly sanitized. An attacker, using a path traversal attack, can load and display…

  • CVE-2024-37825MedJun 24, 2024
    risk 0.35cvss 5.4epss 0.00

    An issue in EnvisionWare Computer Access & Reservation Control SelfCheck v1.0 (fixed in OneStop 3.2.0.27184 Hotfix May 2024) allows unauthenticated attackers on the same network to perform a directory traversal.

  • CVE-2024-5550MedJun 6, 2024
    risk 0.35cvss 5.3epss 0.01

    In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue…

  • CVE-2024-30509MedMay 17, 2024
    risk 0.35cvss 6.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Artbees SellKit allows Relative Path Traversal.This issue affects SellKit: from n/a through 1.8.1.

  • CVE-2023-46197MedMay 17, 2024
    risk 0.35cvss 5.3epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.This issue affects Popup by Supsystic: from n/a through 1.10.19.

  • CVE-2024-34712MedMay 14, 2024
    risk 0.35cvss 6.5epss 0.01

    Oceanic is a NodeJS library for interfacing with Discord. Prior to version 1.10.4, input to functions such as `Client.rest.channels.removeBan` is not url-encoded, resulting in specially crafted input such as `../../../channels/{id}` being normalized into the url…

  • CVE-2024-31860MedApr 9, 2024
    risk 0.35cvss 6.5epss 0.01

    Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators(E.g ..), attackers can see the contents for any files in the filesystem that the server account can access.  This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0. Users are…

  • CVE-2024-2210MedMar 27, 2024
    risk 0.35cvss 6.4epss 0.00

    The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include…

  • CVE-2024-2203MedMar 27, 2024
    risk 0.35cvss 6.4epss 0.01

    The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute…

  • CVE-2024-1142MedMar 21, 2024
    risk 0.35cvss 5.4epss 0.01

    Path Traversal in Sonatype IQ Server from version 143 allows remote authenticated attackers to overwrite or delete files via a specially crafted request. Version 171 fixes this issue.

  • CVE-2023-49508MedFeb 16, 2024
    risk 0.35cvss 6.5epss 0.01

    Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component.

  • CVE-2024-25620MedFeb 15, 2024
    risk 0.35cvss 6.4epss 0.01

    Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected…

  • CVE-2024-23899MedJan 24, 2024
    risk 0.35cvss 6.5epss 0.01

    Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from…

  • CVE-2023-47440MedDec 7, 2023
    risk 0.35cvss 6.5epss 0.01

    Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine.

  • CVE-2023-46655MedOct 25, 2023
    risk 0.35cvss 6.5epss 0.01

    Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from…

  • CVE-2021-46897MedOct 22, 2023
    risk 0.35cvss 6.5epss 0.01

    views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.