VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 147 of 275
  • CVE-2018-16819MedSep 18, 2018
    risk 0.32cvss 4.9epss 0.01

    admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion via id=filesmanager&path=uploads/.......//./.......//./&delete_file= requests.

  • CVE-2018-16831MedSep 11, 2018
    risk 0.32cvss 5.9epss 0.03

    Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.

  • CVE-2018-16437MedSep 5, 2018
    risk 0.32cvss 4.9epss 0.02

    Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator.

  • CVE-2018-15536MedAug 24, 2018
    risk 0.32cvss 5.5epss 0.06

    /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal.

  • CVE-2018-4861MedJun 26, 2018
    risk 0.32cvss 4.9epss 0.02

    A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could potentially read and download arbitrary files from the device's file system. Successful exploitation requires that the attacker…

  • CVE-2016-10528MedMay 31, 2018
    risk 0.32cvss 4.9epss 0.01

    restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 is able to set up a root path, which should only allow it to run inside of that root path it specified.

  • CVE-2018-11495MedMay 26, 2018
    risk 0.32cvss 4.9epss 0.02

    OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php.

  • CVE-2017-16759MedNov 9, 2017
    risk 0.32cvss 5.9epss 0.02

    The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php.

  • CVE-2017-10841MedAug 29, 2017
    risk 0.32cvss 4.9epss 0.02

    Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.

  • CVE-2017-11440MedJul 19, 2017
    risk 0.32cvss 4.9epss 0.02

    In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter.

  • CVE-2017-8003MedJul 9, 2017
    risk 0.32cvss 4.9epss 0.03

    EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in…

  • CVE-2017-5966MedMay 23, 2017
    risk 0.32cvss 4.9epss 0.02

    Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter.

  • CVE-2017-2117MedApr 28, 2017
    risk 0.32cvss 4.9epss 0.02

    Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors.

  • CVE-2016-7135MedMar 7, 2017
    risk 0.32cvss 4.9epss 0.03

    Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions.

  • CVE-2016-5092MedJul 13, 2016
    risk 0.32cvss 4.9epss 0.02

    Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn feature.

  • CVE-2026-0270MedJun 10, 2026
    risk 0.31cvss epss 0.00

    A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write…

  • CVE-2026-52756MedJun 10, 2026
    risk 0.31cvss 4.8epss 0.00

    Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send…

  • CVE-2026-52902MedJun 9, 2026
    risk 0.31cvss 4.7epss 0.00

    A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it…

  • CVE-2026-44837MedMay 26, 2026
    risk 0.31cvss 5.9epss 0.00

    view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the…

  • CVE-2026-41389MedApr 20, 2026
    risk 0.31cvss 5.8epss 0.00

    OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access,…