CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

CWE-706

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (3,719)

page 146 of 186

CVE	Risk	CVSS	EPSS	Published	Description
CVE-2008-0905	0.03	—	0.04	Feb 22, 2008	Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2008-0840	0.03	—	0.03	Feb 20, 2008	Directory traversal vulnerability in view_member.php in Public Warehouse LightBlog 9.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the username parameter.
CVE-2008-0822	0.03	—	0.03	Feb 19, 2008	Directory traversal vulnerability in index.php in Scribe 0.2 allows remote attackers to read arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2008-0818	0.03	—	0.04	Feb 19, 2008	Multiple directory traversal vulnerabilities in freePHPgallery 0.6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie to (1) comment.php, (2) index.php, and (3) show.php.
CVE-2008-0819	0.03	—	0.01	Feb 19, 2008	Directory traversal vulnerability in index.php in PlutoStatus Locator 1.0 pre alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2008-0814	0.03	—	0.03	Feb 19, 2008	Directory traversal vulnerability in download.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the upload_filename parameter.
CVE-2008-0813	0.03	—	0.04	Feb 19, 2008	Directory traversal vulnerability in Download.php in XPWeb 3.0.1, 3.3.2, and possibly other versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.
CVE-2008-0812	0.03	—	0.03	Feb 19, 2008	Directory traversal vulnerability in DMS/index.php in BanPro DMS 1.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the action parameter.
CVE-2008-0798	0.03	—	0.05	Feb 15, 2008	Multiple directory traversal vulnerabilities in artmedic webdesign weblog 1.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ta parameter to artmedic_index.php, reached through index.php; and the (2) date parameter to artmedic_print.php.
CVE-2008-0794	0.03	—	0.04	Feb 15, 2008	Directory traversal vulnerability in user/header.php in Affiliate Market 0.1 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
CVE-2008-0760	0.03	—	0.06	Feb 13, 2008	Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.4.1.0 and earlier, and Sentinel Keys Server 1.0.4.0 and earlier, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-6483.
CVE-2008-0745	0.03	—	0.03	Feb 13, 2008	Directory traversal vulnerability in aides/index.php in DomPHP 0.82 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2008-0742	0.03	—	0.03	Feb 13, 2008	Multiple directory traversal vulnerabilities in PowerScripts PowerNews 2.5.6 allow remote attackers to read and include arbitrary files via a .. (dot dot) in the (1) subpage parameter in (a) categories.inc.php, (b) news.inc.php, (c) other.inc.php, (d) permissions.inc.php, (e) templates.inc.php, and (f) users.inc.php in pnadmin/; and (2) the page parameter to (g) pnadmin/index.php. NOTE: vector 2 is only exploitable by administrators.
CVE-2008-0703	0.03	—	0.04	Feb 12, 2008	Multiple directory traversal vulnerabilities in sflog! 0.96 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) permalink or (2) section parameter to index.php, possibly involving includes/entries.inc.php and other files included by index.php.
CVE-2008-0609	0.03	—	0.04	Feb 6, 2008	Directory traversal vulnerability in index.php in DivideConcept VHD Web Pack 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2008-0612	0.03	—	0.05	Feb 6, 2008	Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2008-0602	0.03	—	0.03	Feb 6, 2008	Directory traversal vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the class_name parameter.
CVE-2008-0559	0.03	—	0.02	Feb 4, 2008	Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the permalink parameter in core.php, accessed through index.php; and (2) the thispost parameter in comments.php.
CVE-2008-0545	0.03	—	0.04	Feb 1, 2008	Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) uri parameter to (a) yui-menu.tpl.php, (b) simple.tpl.php, and (c) advanced.tpl.php in dispatcher/framework/; and the (2) page parameter to (d) yui-menu.php, (e) simple.php, and (f) advanced.php in dispatcher/framework/, different vectors than CVE-2008-0521.
CVE-2008-0542	0.03	—	0.04	Feb 1, 2008	Directory traversal vulnerability in thumbnail.php in Gerd Tentler Simple Forum 3.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

CVE-2008-0905Feb 22, 2008
risk 0.03cvss —epss 0.04
Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2008-0840Feb 20, 2008
risk 0.03cvss —epss 0.03
Directory traversal vulnerability in view_member.php in Public Warehouse LightBlog 9.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the username parameter.
CVE-2008-0822Feb 19, 2008
risk 0.03cvss —epss 0.03
Directory traversal vulnerability in index.php in Scribe 0.2 allows remote attackers to read arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2008-0818Feb 19, 2008
risk 0.03cvss —epss 0.04
Multiple directory traversal vulnerabilities in freePHPgallery 0.6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie to (1) comment.php, (2) index.php, and (3) show.php.
CVE-2008-0819Feb 19, 2008
risk 0.03cvss —epss 0.01
Directory traversal vulnerability in index.php in PlutoStatus Locator 1.0 pre alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2008-0814Feb 19, 2008
risk 0.03cvss —epss 0.03
Directory traversal vulnerability in download.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the upload_filename parameter.
CVE-2008-0813Feb 19, 2008
risk 0.03cvss —epss 0.04
Directory traversal vulnerability in Download.php in XPWeb 3.0.1, 3.3.2, and possibly other versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.
CVE-2008-0812Feb 19, 2008
risk 0.03cvss —epss 0.03
Directory traversal vulnerability in DMS/index.php in BanPro DMS 1.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the action parameter.
CVE-2008-0798Feb 15, 2008
risk 0.03cvss —epss 0.05
Multiple directory traversal vulnerabilities in artmedic webdesign weblog 1.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ta parameter to artmedic_index.php, reached through index.php; and the (2) date parameter to artmedic_print.php.
CVE-2008-0794Feb 15, 2008
risk 0.03cvss —epss 0.04
Directory traversal vulnerability in user/header.php in Affiliate Market 0.1 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
CVE-2008-0760Feb 13, 2008
risk 0.03cvss —epss 0.06
Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.4.1.0 and earlier, and Sentinel Keys Server 1.0.4.0 and earlier, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-6483.
CVE-2008-0745Feb 13, 2008
risk 0.03cvss —epss 0.03
Directory traversal vulnerability in aides/index.php in DomPHP 0.82 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2008-0742Feb 13, 2008
risk 0.03cvss —epss 0.03
Multiple directory traversal vulnerabilities in PowerScripts PowerNews 2.5.6 allow remote attackers to read and include arbitrary files via a .. (dot dot) in the (1) subpage parameter in (a) categories.inc.php, (b) news.inc.php, (c) other.inc.php, (d) permissions.inc.php, (e) templates.inc.php, and (f) users.inc.php in pnadmin/; and (2) the page parameter to (g) pnadmin/index.php. NOTE: vector 2 is only exploitable by administrators.
CVE-2008-0703Feb 12, 2008
risk 0.03cvss —epss 0.04
Multiple directory traversal vulnerabilities in sflog! 0.96 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) permalink or (2) section parameter to index.php, possibly involving includes/entries.inc.php and other files included by index.php.
CVE-2008-0609Feb 6, 2008
risk 0.03cvss —epss 0.04
Directory traversal vulnerability in index.php in DivideConcept VHD Web Pack 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2008-0612Feb 6, 2008
risk 0.03cvss —epss 0.05
Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2008-0602Feb 6, 2008
risk 0.03cvss —epss 0.03
Directory traversal vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the class_name parameter.
CVE-2008-0559Feb 4, 2008
risk 0.03cvss —epss 0.02
Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the permalink parameter in core.php, accessed through index.php; and (2) the thispost parameter in comments.php.
CVE-2008-0545Feb 1, 2008
risk 0.03cvss —epss 0.04
Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) uri parameter to (a) yui-menu.tpl.php, (b) simple.tpl.php, and (c) advanced.tpl.php in dispatcher/framework/; and the (2) page parameter to (d) yui-menu.php, (e) simple.php, and (f) advanced.php in dispatcher/framework/, different vectors than CVE-2008-0521.
CVE-2008-0542Feb 1, 2008
risk 0.03cvss —epss 0.04
Directory traversal vulnerability in thumbnail.php in Gerd Tentler Simple Forum 3.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.