VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 155 of 275
  • CVE-2024-57186MedJun 10, 2025
    risk 0.28cvss 5.4epss 0.00

    In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler.

  • CVE-2025-5880MedJun 9, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public…

  • CVE-2025-5714MedJun 6, 2025
    risk 0.28cvss 4.3epss 0.01

    A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250516. It has been classified as problematic. This affects an unknown part of the file /sys/up.upload.php of the component Profile Information Update. The manipulation of the argument nomeArquivo leads to path…

  • CVE-2025-4530MedMay 11, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. It has been declared as problematic. Affected by this vulnerability is the function handleFileDownload of the file FileController.java of the component File Handler. The manipulation leads to path…

  • CVE-2025-46565MedMay 1, 2025
    risk 0.28cvss 5.3epss 0.01

    Vite is a frontend tooling framework for javascript. Prior to versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly exposing the Vite dev server…

  • CVE-2025-4078MedApr 29, 2025
    risk 0.28cvss 4.3epss 0.01

    A vulnerability, which was classified as problematic, has been found in Wangshen SecGate 3600 2400. This issue affects some unknown processing of the file ?g=log_export_file. The manipulation of the argument file_name leads to path traversal. The attack may be initiated…

  • CVE-2025-3562MedApr 14, 2025
    risk 0.28cvss 4.3epss 0.01

    A vulnerability was found in Yonyou YonBIP MA2.7. It has been declared as problematic. Affected by this vulnerability is the function FileInputStream of the file /mobsm/common/userfile. The manipulation of the argument path leads to path traversal. The attack can be launched…

  • CVE-2025-3214MedApr 4, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability has been found in JFinal CMS up to 5.2.4 and classified as problematic. Affected by this vulnerability is the function engine.getTemplate of the file /readTemplate. The manipulation of the argument template leads to path traversal. The attack can be launched…

  • CVE-2024-7631MedMar 19, 2025
    risk 0.28cvss 4.3epss 0.00

    A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.go#L112 Because of this unsafe filepath…

  • CVE-2024-30143MedMar 13, 2025
    risk 0.28cvss 4.3epss 0.00

    HCL AppScan Traffic Recorder fails to adequately neutralize special characters within the filename, potentially allowing it to resolve to a location beyond the restricted directory. Potential exploits can completely disrupt or takeover the application or the computer where the…

  • CVE-2025-1357MedFeb 16, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic has been found in Seventh D-Guard up to 20250206. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been…

  • CVE-2025-1228MedFeb 12, 2025
    risk 0.28cvss 4.3epss 0.01

    A vulnerability classified as problematic has been found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected is an unknown function of the file /read/?page=1&logfile=LOG_Monitor of the component Logfile Update Handler. The manipulation of the argument…

  • CVE-2024-8685MedFeb 10, 2025
    risk 0.28cvss 4.3epss 0.00

    Path-Traversal vulnerability in Revolution Pi version 2022-07-28-revpi-buster from KUNBUS GmbH. This vulnerability could allow an authenticated attacker to list device directories via the ‘/pictory/php/getFileList.php’ endpoint in the ‘dir’ parameter.

  • CVE-2024-54535MedJan 15, 2025
    risk 0.28cvss 4.3epss 0.00

    A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1, watchOS 11.1. An attacker with access to calendar data could also read reminders.

  • CVE-2024-12429MedJan 7, 2025
    risk 0.28cvss 4.3epss 0.00

    An attacker who successfully exploited these vulnerabilities could grant read access to files. A vulnerability exists in the AC500 V3 version mentioned. A successfully authenticated attacker can use this vulnerability to read system wide files and configuration All AC500 V3…

  • CVE-2024-56514MedJan 3, 2025
    risk 0.28cvss epss 0.01

    Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTP(s) URL to…

  • CVE-2024-55659MedDec 12, 2024
    risk 0.28cvss 5.4epss 0.00

    SiYuan is a personal knowledge management system. Prior to version 3.1.16, the `/api/asset/upload` endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting (via the file write). Version 3.1.16 contains a patch for the issue.

  • CVE-2024-54004MedNov 27, 2024
    risk 0.28cvss 4.3epss 0.01

    Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system.

  • CVE-2024-42499MedNov 15, 2024
    risk 0.28cvss 5.3epss 0.01

    Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an attacker may be able to know whether a file exists at a specific path, and/or obtain some part of the file…

  • CVE-2024-50336MedNov 12, 2024
    risk 0.28cvss epss 0.01

    matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated…