CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 138 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-7434 | Med | 0.35 | 5.3 | 0.02 | Feb 24, 2018 | zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php. | ||
| CVE-2018-7296 | Med | 0.35 | 5.3 | 0.02 | Feb 22, 2018 | Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's filesystem. This vulnerability can be exploited by unauthenticated attackers with… | ||
| CVE-2014-3972 | Med | 0.35 | 5.3 | 0.02 | Feb 19, 2018 | Directory traversal vulnerability in Apexis APM-J601-WS cameras with firmware before 17.35.2.49 allows remote attackers to read arbitrary files via unspecified vectors. | ||
| CVE-2017-18038 | Med | 0.35 | 5.3 | 0.01 | Feb 2, 2018 | The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name. | ||
| CVE-2018-5445 | Med | 0.35 | 5.3 | 0.02 | Jan 25, 2018 | A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device. | ||
| CVE-2017-1000490 | — | Med | 0.35 | 6.5 | 0.01 | Jan 3, 2018 | Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to. | |
| CVE-2017-17927 | Med | 0.35 | 5.3 | 0.02 | Dec 27, 2017 | PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/. | ||
| CVE-2017-17924 | Med | 0.35 | 5.3 | 0.02 | Dec 27, 2017 | PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php. | ||
| CVE-2017-1548 | Med | 0.35 | 5.3 | 0.02 | Dec 11, 2017 | IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288. | ||
| CVE-2017-9947 | Med | 0.35 | 5.3 | 0.07 | Oct 23, 2017 | A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain… | ||
| CVE-2017-14513 | Med | 0.35 | 5.3 | 0.02 | Sep 17, 2017 | Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php. | ||
| CVE-2017-6629 | Med | 0.35 | 5.3 | 0.03 | May 3, 2017 | A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP… | ||
| CVE-2017-2150 | Med | 0.35 | 5.3 | 0.02 | Apr 28, 2017 | Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter. | ||
| CVE-2017-8115 | Med | 0.35 | 5.3 | 0.03 | Apr 25, 2017 | Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information. | ||
| CVE-2017-8104 | Med | 0.35 | 5.3 | 0.03 | Apr 24, 2017 | In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter. | ||
| CVE-2016-9357 | Med | 0.35 | 5.3 | 0.02 | Feb 13, 2017 | An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx… | ||
| CVE-2016-9339 | Med | 0.35 | 5.3 | 0.02 | Feb 13, 2017 | An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that could allow an attacker to read files on the… | ||
| CVE-2016-4987 | Med | 0.35 | 6.5 | 0.03 | Feb 9, 2017 | Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields. | ||
| CVE-2017-5541 | Med | 0.35 | 5.3 | 0.02 | Jan 20, 2017 | Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters. | ||
| CVE-2016-7087 | Med | 0.35 | 5.3 | 0.04 | Dec 29, 2016 | Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors. |
- risk 0.35cvss 5.3epss 0.02
zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php.
- risk 0.35cvss 5.3epss 0.02
Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's filesystem. This vulnerability can be exploited by unauthenticated attackers with…
- risk 0.35cvss 5.3epss 0.02
Directory traversal vulnerability in Apexis APM-J601-WS cameras with firmware before 17.35.2.49 allows remote attackers to read arbitrary files via unspecified vectors.
- risk 0.35cvss 5.3epss 0.01
The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name.
- risk 0.35cvss 5.3epss 0.02
A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device.
- risk 0.35cvss 6.5epss 0.01
Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to.
- risk 0.35cvss 5.3epss 0.02
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/.
- risk 0.35cvss 5.3epss 0.02
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php.
- risk 0.35cvss 5.3epss 0.02
IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288.
- risk 0.35cvss 5.3epss 0.07
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain…
- risk 0.35cvss 5.3epss 0.02
Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php.
- risk 0.35cvss 5.3epss 0.03
A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP…
- risk 0.35cvss 5.3epss 0.02
Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter.
- risk 0.35cvss 5.3epss 0.03
Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information.
- risk 0.35cvss 5.3epss 0.03
In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.
- risk 0.35cvss 5.3epss 0.02
An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx…
- risk 0.35cvss 5.3epss 0.02
An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that could allow an attacker to read files on the…
- risk 0.35cvss 6.5epss 0.03
Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields.
- risk 0.35cvss 5.3epss 0.02
Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters.
- risk 0.35cvss 5.3epss 0.04
Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors.