VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 142 of 275
  • CVE-2024-45291MedOct 7, 2024
    risk 0.34cvss 6.3epss 0.01

    PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in HTML writer with `$writer->setEmbedImages(true);` those files…

  • CVE-2024-43281MedAug 19, 2024
    risk 0.34cvss 5.3epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VOID CODERS Void Elementor Post Grid Addon for Elementor Page builder allows PHP Local File Inclusion.This issue affects Void Elementor Post Grid Addon for Elementor Page builder:…

  • CVE-2024-38709MedJul 12, 2024
    risk 0.34cvss 5.3epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Milan Petrovic GD Rating System allows PHP Local File Inclusion.This issue affects GD Rating System: from n/a through 3.6.

  • CVE-2024-5433MedMay 28, 2024
    risk 0.34cvss epss 0.00

    The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous,…

  • CVE-2024-31462MedApr 12, 2024
    risk 0.34cvss 6.3epss 0.01

    stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input…

  • CVE-2024-23540MedApr 3, 2024
    risk 0.34cvss 5.3epss 0.01

    The HCL BigFix Inventory server is vulnerable to path traversal which enables an attacker to read internal application files from the Inventory server. The BigFix Inventory server does not properly restrict the served static file.

  • CVE-2023-35812MedApr 3, 2024
    risk 0.34cvss 5.3epss 0.00

    An issue was discovered in the Amazon Linux packages of OpenSSH 7.4 for Amazon Linux 1 and 2, because of an incomplete fix for CVE-2019-6111 within these specific packages. The fix had only covered cases where an absolute path is passed to scp. When a relative path is used,…

  • CVE-2023-5115MedDec 18, 2023
    risk 0.34cvss 6.3epss 0.01

    An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.

  • CVE-2023-4782MedSep 8, 2023
    risk 0.34cvss 6.3epss 0.00

    Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7.

  • CVE-2023-38708MedAug 4, 2023
    risk 0.34cvss 6.3epss 0.01

    Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by…

  • CVE-2022-4493MedDec 14, 2022
    risk 0.34cvss 6.3epss 0.01

    A vulnerability classified as critical was found in scifio. Affected by this vulnerability is the function downloadAndUnpackResource of the file src/test/java/io/scif/util/DefaultSampleFilesService.java of the component ZIP File Handler. The manipulation leads to path traversal.…

  • CVE-2022-41920MedNov 17, 2022
    risk 0.34cvss 6.3epss 0.01

    Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to…

  • CVE-2022-41235MedSep 21, 2022
    risk 0.34cvss 5.3epss 0.01

    Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.

  • CVE-2022-21693MedJan 18, 2022
    risk 0.34cvss 6.3epss 0.01

    OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the Onionshare process can…

  • CVE-2020-26299MedFeb 10, 2021
    risk 0.34cvss 6.3epss 0.02

    ftp-srv is an open-source FTP server designed to be simple yet configurable. In ftp-srv before version 4.4.0 there is a path-traversal vulnerability. Clients of FTP servers utilizing ftp-srv hosted on Windows machines can escape the FTP user's defined root folder using the…

  • CVE-2018-1271MedApr 6, 2018
    risk 0.34cvss 5.9epss 0.36

    Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed…

  • CVE-2017-10273MedJan 18, 2018
    risk 0.34cvss 4.7epss 0.01

    Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Deployment). Supported versions that are affected are 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows high privileged…

  • CVE-2016-7169MedJan 5, 2017
    risk 0.34cvss 6.3epss 0.03

    Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter.

  • CVE-2026-44437MedMay 13, 2026
    risk 0.33cvss 6.1epss 0.00

    The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism…

  • CVE-2026-29050MedApr 24, 2026
    risk 0.33cvss 6.1epss 0.00

    melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, an attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set…