VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 138 of 275
  • CVE-2018-7434MedFeb 24, 2018
    risk 0.35cvss 5.3epss 0.02

    zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php.

  • CVE-2018-7296MedFeb 22, 2018
    risk 0.35cvss 5.3epss 0.02

    Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's filesystem. This vulnerability can be exploited by unauthenticated attackers with…

  • CVE-2014-3972MedFeb 19, 2018
    risk 0.35cvss 5.3epss 0.02

    Directory traversal vulnerability in Apexis APM-J601-WS cameras with firmware before 17.35.2.49 allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2017-18038MedFeb 2, 2018
    risk 0.35cvss 5.3epss 0.01

    The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name.

  • CVE-2018-5445MedJan 25, 2018
    risk 0.35cvss 5.3epss 0.02

    A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device.

  • CVE-2017-1000490MedJan 3, 2018
    risk 0.35cvss 6.5epss 0.01

    Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to.

  • CVE-2017-17927MedDec 27, 2017
    risk 0.35cvss 5.3epss 0.02

    PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/.

  • CVE-2017-17924MedDec 27, 2017
    risk 0.35cvss 5.3epss 0.02

    PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php.

  • CVE-2017-1548MedDec 11, 2017
    risk 0.35cvss 5.3epss 0.02

    IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288.

  • CVE-2017-9947MedOct 23, 2017
    risk 0.35cvss 5.3epss 0.07

    A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain…

  • CVE-2017-14513MedSep 17, 2017
    risk 0.35cvss 5.3epss 0.02

    Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php.

  • CVE-2017-6629MedMay 3, 2017
    risk 0.35cvss 5.3epss 0.03

    A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP…

  • CVE-2017-2150MedApr 28, 2017
    risk 0.35cvss 5.3epss 0.02

    Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter.

  • CVE-2017-8115MedApr 25, 2017
    risk 0.35cvss 5.3epss 0.03

    Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information.

  • CVE-2017-8104MedApr 24, 2017
    risk 0.35cvss 5.3epss 0.03

    In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.

  • CVE-2016-9357MedFeb 13, 2017
    risk 0.35cvss 5.3epss 0.02

    An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx…

  • CVE-2016-9339MedFeb 13, 2017
    risk 0.35cvss 5.3epss 0.02

    An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that could allow an attacker to read files on the…

  • CVE-2016-4987MedFeb 9, 2017
    risk 0.35cvss 6.5epss 0.03

    Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields.

  • CVE-2017-5541MedJan 20, 2017
    risk 0.35cvss 5.3epss 0.02

    Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters.

  • CVE-2016-7087MedDec 29, 2016
    risk 0.35cvss 5.3epss 0.04

    Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors.