VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 15 of 275
  • CVE-2017-16606HigJan 23, 2018
    risk 0.58cvss 8.8epss 0.04

    This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism…

  • CVE-2017-16598HigJan 23, 2018
    risk 0.58cvss 8.8epss 0.04

    This vulnerability allows remote attackers to execute code by overwriting arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication…

  • CVE-2017-15550HigJan 5, 2018
    risk 0.58cvss 8.8epss 0.08

    An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on…

  • CVE-2017-10940HigOct 31, 2017
    risk 0.58cvss 8.8epss 0.05

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the ability to…

  • CVE-2014-5302HigAug 28, 2017
    risk 0.58cvss 8.8epss 0.11

    Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code.

  • CVE-2017-10974HigJul 7, 2017
    risk 0.58cvss 7.5epss 0.81

    Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in…

  • CVE-2016-8593HigApr 28, 2017
    risk 0.58cvss 8.8epss 0.07

    Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the dID parameter.

  • CVE-2017-5982HigFeb 28, 2017
    risk 0.58cvss 7.5epss 0.78

    Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.

  • CVE-2016-1505CriFeb 3, 2016
    risk 0.58cvss 10.0epss 0.03

    The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.

  • CVE-2010-0012HigJan 8, 2010
    risk 0.58cvss 8.8epss 0.04

    Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.

  • CVE-2026-45171HigJun 11, 2026
    risk 0.57cvss epss 0.01

    Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security…

  • CVE-2026-47932HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.08

    ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized…

  • CVE-2026-36723HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.01

    An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables…

  • CVE-2026-32193HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.

  • CVE-2026-25559HigJun 8, 2026
    risk 0.57cvss 8.8epss 0.01

    OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write, and delete operations by supplying unsanitized absolute paths to the upload handler and wordlist…

  • CVE-2026-9506HigJun 8, 2026
    risk 0.57cvss epss 0.00

    This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access…

  • CVE-2026-11419HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.01

    A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage…

  • CVE-2026-35082HigJun 3, 2026
    risk 0.57cvss 8.8epss 0.00

    The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.

  • CVE-2026-45661CriMay 29, 2026
    risk 0.57cvss 9.9epss 0.01

    Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitrary files to the filesystem during application deployment. When combined with…

  • CVE-2026-4944HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.01

    vllm-project/vllm version 0.14.1 contains a vulnerability where the `trust_remote_code=True` parameter is hardcoded in two model implementation files (`vllm/model_executor/models/nemotron_vl.py` and `vllm/model_executor/models/kimi_k25.py`). This bypasses the user's explicit…