CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (3,719)
page 147 of 186| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-0521 | 0.03 | — | 0.04 | Jan 31, 2008 | Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to read arbitrary files via a .. (dot dot) in the uri parameter to dispatcher.php in (1) examples/dispatcher/framework/, (2) examples/dispatcher/, (3) examples/wizard/, and (4) PHP/, different vectors than CVE-2008-0545. | ||
| CVE-2008-0488 | 0.03 | — | 0.03 | Jan 30, 2008 | Directory traversal vulnerability in tseekdir.cgi in VB Marketing allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the location parameter. | ||
| CVE-2008-0501 | 0.03 | — | 0.04 | Jan 30, 2008 | Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page_courante parameter to the top-level URI. | ||
| CVE-2008-0489 | 0.03 | — | 0.02 | Jan 30, 2008 | Directory traversal vulnerability in install.php in Clansphere 2007.4.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | ||
| CVE-2008-0478 | 0.03 | — | 0.04 | Jan 29, 2008 | Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set parameter, as demonstrated by sending a certain CLIENT_IP HTTP header in an enter action to index.php, and injecting PHP sequences into files/enter.set, which is then included by index.php. | ||
| CVE-2008-0459 | 0.03 | — | 0.04 | Jan 25, 2008 | Directory traversal vulnerability in update/index.php in Liquid-Silver CMS 0.35, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the update parameter. | ||
| CVE-2008-0458 | 0.03 | — | 0.04 | Jan 25, 2008 | Directory traversal vulnerability in function/sources.php in SLAED CMS 2.5 Lite allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlang parameter to index.php. | ||
| CVE-2008-0452 | 0.03 | — | 0.03 | Jan 25, 2008 | Directory traversal vulnerability in articles.php in Siteman 1.1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the cat parameter in a viewart action. | ||
| CVE-2008-0435 | 0.03 | — | 0.05 | Jan 23, 2008 | Directory traversal vulnerability in index.php in OZJournals 2.1.1 allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the id parameter in a printpreview action. | ||
| CVE-2008-0431 | 0.03 | — | 0.05 | Jan 23, 2008 | Directory traversal vulnerability in administrator/download.php in IDMOS (aka Phoenix) 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter. | ||
| CVE-2008-0393 | 0.03 | — | 0.04 | Jan 23, 2008 | Directory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter, a different vector than CVE-2008-0361. | ||
| CVE-2008-0357 | 0.03 | — | 0.06 | Jan 18, 2008 | Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter. | ||
| CVE-2008-0332 | 0.03 | — | 0.04 | Jan 17, 2008 | Directory traversal vulnerability in arias/help/effect.php in aria 0.99-6 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter. | ||
| CVE-2008-0259 | 0.03 | — | 0.04 | Jan 15, 2008 | Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php in minimal Gallery 0.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) thumbcat and (2) thumb parameters. | ||
| CVE-2008-0231 | 0.03 | — | 0.04 | Jan 11, 2008 | Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme webpage templates allow remote attackers to include and execute arbitrary files via ".." sequences in the page parameter. NOTE: this can be leveraged for remote file inclusion when running in some PHP 5 environments. | ||
| CVE-2008-0221 | 0.03 | — | 0.03 | Jan 10, 2008 | Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ (dot dot backslash) in the second argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information. | ||
| CVE-2008-0184 | 0.03 | — | 0.02 | Jan 9, 2008 | Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file parameter. | ||
| CVE-2008-0158 | 0.03 | — | 0.04 | Jan 9, 2008 | Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page parameter. | ||
| CVE-2008-0140 | 0.03 | — | 0.04 | Jan 8, 2008 | Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172. | ||
| CVE-2007-6651 | 0.03 | — | 0.05 | Jan 4, 2008 | Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to obtain sensitive information (script source code) via a .. (dot dot) in the suck_url parameter. |
- CVE-2008-0521Jan 31, 2008risk 0.03cvss —epss 0.04
Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to read arbitrary files via a .. (dot dot) in the uri parameter to dispatcher.php in (1) examples/dispatcher/framework/, (2) examples/dispatcher/, (3) examples/wizard/, and (4) PHP/, different vectors than CVE-2008-0545.
- CVE-2008-0488Jan 30, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in tseekdir.cgi in VB Marketing allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the location parameter.
- CVE-2008-0501Jan 30, 2008risk 0.03cvss —epss 0.04
Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page_courante parameter to the top-level URI.
- CVE-2008-0489Jan 30, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in install.php in Clansphere 2007.4.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
- CVE-2008-0478Jan 29, 2008risk 0.03cvss —epss 0.04
Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set parameter, as demonstrated by sending a certain CLIENT_IP HTTP header in an enter action to index.php, and injecting PHP sequences into files/enter.set, which is then included by index.php.
- CVE-2008-0459Jan 25, 2008risk 0.03cvss —epss 0.04
Directory traversal vulnerability in update/index.php in Liquid-Silver CMS 0.35, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the update parameter.
- CVE-2008-0458Jan 25, 2008risk 0.03cvss —epss 0.04
Directory traversal vulnerability in function/sources.php in SLAED CMS 2.5 Lite allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlang parameter to index.php.
- CVE-2008-0452Jan 25, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in articles.php in Siteman 1.1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the cat parameter in a viewart action.
- CVE-2008-0435Jan 23, 2008risk 0.03cvss —epss 0.05
Directory traversal vulnerability in index.php in OZJournals 2.1.1 allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the id parameter in a printpreview action.
- CVE-2008-0431Jan 23, 2008risk 0.03cvss —epss 0.05
Directory traversal vulnerability in administrator/download.php in IDMOS (aka Phoenix) 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter.
- CVE-2008-0393Jan 23, 2008risk 0.03cvss —epss 0.04
Directory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter, a different vector than CVE-2008-0361.
- CVE-2008-0357Jan 18, 2008risk 0.03cvss —epss 0.06
Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
- CVE-2008-0332Jan 17, 2008risk 0.03cvss —epss 0.04
Directory traversal vulnerability in arias/help/effect.php in aria 0.99-6 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.
- CVE-2008-0259Jan 15, 2008risk 0.03cvss —epss 0.04
Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php in minimal Gallery 0.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) thumbcat and (2) thumb parameters.
- CVE-2008-0231Jan 11, 2008risk 0.03cvss —epss 0.04
Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme webpage templates allow remote attackers to include and execute arbitrary files via ".." sequences in the page parameter. NOTE: this can be leveraged for remote file inclusion when running in some PHP 5 environments.
- CVE-2008-0221Jan 10, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ (dot dot backslash) in the second argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information.
- CVE-2008-0184Jan 9, 2008risk 0.03cvss —epss 0.02
Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file parameter.
- CVE-2008-0158Jan 9, 2008risk 0.03cvss —epss 0.04
Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page parameter.
- CVE-2008-0140Jan 8, 2008risk 0.03cvss —epss 0.04
Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172.
- CVE-2007-6651Jan 4, 2008risk 0.03cvss —epss 0.05
Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to obtain sensitive information (script source code) via a .. (dot dot) in the suck_url parameter.