VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 14 of 275
  • CVE-2017-9097CriJun 16, 2017
    risk 0.59cvss 9.1epss 0.04

    In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or…

  • CVE-2016-6269CriJan 30, 2017
    risk 0.59cvss 9.1epss 0.04

    Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1)…

  • CVE-2017-5539CriJan 23, 2017
    risk 0.59cvss 9.1epss 0.04

    The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used…

  • CVE-2026-38360CriMay 8, 2026
    risk 0.58cvss 9.8epss 0.06

    Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, BaseHttpRequestHandler.get_temp_root(), BaseHttpRequestHandler._post() components.

  • CVE-2019-25246HigDec 24, 2025
    risk 0.58cvss 8.8epss 0.17

    Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability that allows attackers to read arbitrary system files via the 'READ.filePath' parameter. Attackers can exploit the fileread script or SendCGICMD API to access sensitive files like…

  • CVE-2023-7327HigNov 12, 2025
    risk 0.58cvss epss 0.02

    Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability. Successful exploitation allows an unauthenticated attacker to use URL-encoded traversal sequences to read arbitrary files from the underlying filesystem with the privileges of the…

  • CVE-2025-11696HigNov 11, 2025
    risk 0.58cvss epss 0.00

    A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes.

  • CVE-2013-10046HigAug 1, 2025
    risk 0.58cvss epss 0.00

    A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The flaw resides in the acs.exe component, which exposes a named pipe that accepts unauthenticated…

  • CVE-2025-52562CriJun 23, 2025
    risk 0.58cvss 10.0epss 0.02

    Convoy is a KVM server management panel for hosting businesses. In versions 3.9.0-rc3 to before 4.4.1, there is a directory traversal vulnerability in the LocaleController component of Performave Convoy. An unauthenticated remote attacker can exploit this vulnerability by…

  • CVE-2024-12035HigMar 7, 2025
    risk 0.58cvss 8.8epss 0.01

    The CS Framework plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cs_widget_file_delete() function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Subscriber-level…

  • CVE-2024-11303HigNov 18, 2024
    risk 0.58cvss epss 0.02

    The pathname of the root directory to a Restricted Directory ('Path Traversal') vulnerability in Korenix JetPort 5601 allows Path Traversal.This issue affects JetPort 5601: through 1.2.

  • CVE-2024-50509HigOct 30, 2024
    risk 0.58cvss 8.6epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Path Traversal.This issue affects Woocommerce Product Design: from n/a through <= 1.0.0.

  • CVE-2024-37902CriJun 17, 2024
    risk 0.58cvss 10.0epss 0.01

    DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched…

  • CVE-2024-1961HigApr 16, 2024
    risk 0.58cvss 8.8epss 0.01

    vertaai/modeldb is vulnerable to a path traversal attack due to improper sanitization of user-supplied file paths in its file upload functionality. Attackers can exploit this vulnerability to write arbitrary files anywhere in the file system by manipulating the 'artifact_path'…

  • CVE-2024-25386HigMar 1, 2024
    risk 0.58cvss 8.8epss 0.02

    Directory Traversal vulnerability in DICOM® Connectivity Framework by laurelbridge before v.2.7.6b allows a remote attacker to execute arbitrary code via the format_logfile.pl file.

  • CVE-2023-6972CriDec 23, 2023
    risk 0.58cvss 9.8epss 0.01

    The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for…

  • CVE-2018-11455HigAug 7, 2018
    risk 0.58cvss 8.8epss 0.05

    A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution,…

  • CVE-2018-12895HigJun 26, 2018
    risk 0.58cvss 8.8epss 0.63

    WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in…

  • CVE-2017-0918HigMar 21, 2018
    risk 0.58cvss 8.8epss 0.05

    Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.

  • CVE-2018-8741HigMar 17, 2018
    risk 0.58cvss 8.8epss 0.04

    A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.