VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 167 of 275
  • CVE-2025-22238MedJun 13, 2025
    risk 0.20cvss 4.2epss 0.00

    Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.

  • CVE-2023-6120MedDec 9, 2023
    risk 0.20cvss 4.1epss 0.00

    The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server.

  • CVE-2020-1735MedMar 16, 2020
    risk 0.20cvss 4.2epss 0.00

    A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

  • CVE-2019-3828MedMar 27, 2019
    risk 0.20cvss 4.2epss 0.01

    Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.

  • CVE-2018-16968LowSep 26, 2018
    risk 0.20cvss 3.1epss 0.01

    Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal.

  • CVE-2023-41040MedAug 30, 2023
    risk 0.19cvss 4.0epss 0.01

    GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located…

  • CVE-2021-32841MedJan 26, 2022
    risk 0.19cvss 4.0epss 0.01

    SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it is not enforced that `destDir` ends with slash. If the `destDir` is not slash…

  • CVE-2026-12211LowJun 15, 2026
    risk 0.18cvss 2.7epss 0.00

    A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. This impacts an unknown function of the file /RPC2_Loadfile/syslog/ of the component Web Interface. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The…

  • CVE-2024-47267LowMay 27, 2026
    risk 0.18cvss 2.7epss 0.00

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write…

  • CVE-2026-3339LowMar 21, 2026
    risk 0.18cvss 2.7epss 0.00

    The Keep Backup Daily plugin for WordPress is vulnerable to Limited Path Traversal in all versions up to, and including, 2.1.1 via the `kbd_open_upload_dir` AJAX action. This is due to insufficient validation of the `kbd_path` parameter, which is only sanitized with…

  • CVE-2026-4285LowMar 17, 2026
    risk 0.18cvss 2.7epss 0.00

    A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. Impacted is the function recognizeMarkdown of the file yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yudao/module/digitalcourse/util/Pdf2M…

  • CVE-2025-61653LowFeb 3, 2026
    risk 0.18cvss epss 0.00

    Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.Php. This issue affects TextExtracts: from * before 1.39.14, 1.43.4, 1.44.1.

  • CVE-2026-1588LowJan 29, 2026
    risk 0.18cvss 2.7epss 0.01

    A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshERP-boot/plugin/installByPath of the component com.gitee.starblues.integration.operator.DefaultPluginOperator. The manipulation of the argument path results in…

  • CVE-2025-12923LowNov 10, 2025
    risk 0.18cvss 2.7epss 0.01

    A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The…

  • CVE-2025-10723LowOct 24, 2025
    risk 0.18cvss 2.7epss 0.00

    The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks

  • CVE-2025-32205LowApr 10, 2025
    risk 0.18cvss 2.7epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in piotnetdotcom Piotnet Forms piotnetforms.This issue affects Piotnet Forms: from n/a through <= 1.0.30.

  • CVE-2025-2716LowMar 24, 2025
    risk 0.18cvss 2.7epss 0.00

    A vulnerability classified as problematic was found in China Mobile P22g-CIac 1.0.00.488. This vulnerability affects unknown code of the component Samba Path Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed…

  • CVE-2023-41825LowMay 3, 2024
    risk 0.18cvss 2.8epss 0.00

    A path traversal vulnerability was reported in the Motorola Ready For application that could allow a local attacker to access local files. 

  • CVE-2024-3034LowApr 27, 2024
    risk 0.18cvss 2.7epss 0.01

    The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkp_directory_browse parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to traverse…

  • CVE-2024-29196LowMar 26, 2024
    risk 0.18cvss 3.8epss 0.01

    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability…