VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 162 of 275
  • CVE-2026-39345MedApr 7, 2026
    risk 0.25cvss 4.9epss 0.00

    OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the intended plugins directory, allowing an authenticated actor who can influence the template path to read arbitrary…

  • CVE-2026-4222LowMar 16, 2026
    risk 0.25cvss 3.8epss 0.00

    A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of the argument path causes path traversal. Remote exploitation of the attack is…

  • CVE-2026-4044LowMar 12, 2026
    risk 0.25cvss 3.8epss 0.00

    A vulnerability was detected in projectsend up to r1945. This affects the function realpath of the file /import-orphans.php of the component Delete Handler. Performing a manipulation of the argument files[] results in path traversal. Remote exploitation of the attack is…

  • CVE-2025-15589LowFeb 24, 2026
    risk 0.25cvss 3.8epss 0.01

    A vulnerability was determined in MuYuCMS 2.7. Affected is the function delete_dir_file of the file application/admin/controller/Template.php of the component Template Management Page. This manipulation of the argument temn/tp causes path traversal. It is possible to initiate…

  • CVE-2025-15187LowDec 29, 2025
    risk 0.25cvss 3.8epss 0.01

    A vulnerability was found in GreenCMS up to 2.3. This affects an unknown part of the file /DataController.class.php of the component File Handler. Performing a manipulation of the argument sqlFiles/zipFiles results in path traversal. The attack can be initiated remotely. The…

  • CVE-2023-0092MedJan 31, 2025
    risk 0.25cvss 4.9epss 0.01

    An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.

  • CVE-2024-12850MedDec 24, 2024
    risk 0.25cvss 4.9epss 0.01

    The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.32 via the database_backup_ajax_download() function. This makes it possible for authenticated attackers, with…

  • CVE-2024-36814MedOct 8, 2024
    risk 0.25cvss 4.9epss 0.01

    An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory.

  • CVE-2024-1790MedApr 9, 2024
    risk 0.25cvss 4.9epss 0.01

    The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 7.0.1 via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to read the…

  • CVE-2023-30451MedDec 25, 2023
    risk 0.25cvss 4.9epss 0.01

    In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][base…

  • CVE-2023-43648MedOct 30, 2023
    risk 0.25cvss 4.9epss 0.01

    baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue.

  • CVE-2022-4031LowNov 29, 2022
    risk 0.25cvss 3.8epss 0.01

    The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does not properly restrict files to be edited in the context of the plugin. This makes it possible with attackers, with…

  • CVE-2022-2922MedSep 30, 2022
    risk 0.25cvss 4.9epss 0.01

    Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0.

  • CVE-2020-7649MedJul 25, 2022
    risk 0.25cvss 4.9epss 0.01

    This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal.

  • CVE-2021-33203MedJun 8, 2021
    risk 0.25cvss 4.9epss 0.03

    Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs…

  • CVE-2017-18918MedJun 19, 2020
    risk 0.25cvss 4.9epss 0.00

    An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname.

  • CVE-2017-18876MedJun 19, 2020
    risk 0.25cvss 4.9epss 0.01

    An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file.

  • CVE-2017-18875MedJun 19, 2020
    risk 0.25cvss 4.9epss 0.01

    An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files.

  • CVE-2019-7925MedAug 2, 2019
    risk 0.25cvss 4.9epss 0.01

    An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder.

  • CVE-2019-0226MedMay 9, 2019
    risk 0.25cvss 4.9epss 0.02

    Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf version before…