VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 158 of 275
  • CVE-2019-17572MedMay 14, 2020
    risk 0.28cvss 5.3epss 0.03

    In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads…

  • CVE-2020-7647MedMay 11, 2020
    risk 0.28cvss 5.3epss 0.02

    All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors.

  • CVE-2019-18978MedNov 14, 2019
    risk 0.28cvss 5.3epss 0.02

    An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

  • CVE-2018-15750MedOct 24, 2018
    risk 0.28cvss 5.3epss 0.04

    Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.

  • CVE-2018-8041MedSep 17, 2018
    risk 0.28cvss 5.3epss 0.10

    Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.

  • CVE-2018-14355MedJul 17, 2018
    risk 0.28cvss 5.3epss 0.03

    An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name.

  • CVE-2018-14056MedJul 15, 2018
    risk 0.28cvss 5.3epss 0.02

    ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories.

  • CVE-2018-7764MedJul 3, 2018
    risk 0.28cvss 4.3epss 0.01

    The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. There is a directory traversal vulnerability in the processing of the 's' parameter of the applet.

  • CVE-2018-7763MedJul 3, 2018
    risk 0.28cvss 4.3epss 0.01

    The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The 'css' parameter contains a directory traversal vulnerability.

  • CVE-2018-11342MedMay 22, 2018
    risk 0.28cvss 4.3epss 0.01

    A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter.

  • CVE-2018-0586MedMay 14, 2018
    risk 0.28cvss 4.3epss 0.02

    Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors.

  • CVE-2018-9159MedMar 31, 2018
    risk 0.28cvss 5.3epss 0.05

    In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark.

  • CVE-2018-2366MedMar 14, 2018
    risk 0.28cvss 4.3epss 0.02

    SAP Business Process Automation (BPA) By Redwood, 9.0, 9.1, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs.

  • CVE-2018-7212MedFeb 18, 2018
    risk 0.28cvss 5.3epss 0.02

    An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters.

  • CVE-2017-10907MedDec 22, 2017
    risk 0.28cvss 4.3epss 0.01

    Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors.

  • CVE-2017-2258MedAug 29, 2017
    risk 0.28cvss 4.3epss 0.01

    Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications".

  • CVE-2016-4320MedApr 10, 2017
    risk 0.28cvss 4.3epss 0.02

    Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource.

  • CVE-2016-6370MedSep 12, 2016
    risk 0.28cvss 4.3epss 0.02

    Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255.

  • CVE-2016-5664MedAug 26, 2016
    risk 0.28cvss 4.3epss 0.02

    Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI.

  • CVE-2016-5307MedJun 30, 2016
    risk 0.28cvss 4.3epss 0.03

    Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors.