CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 167 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-22238 | Med | 0.20 | 4.2 | 0.00 | Jun 13, 2025 | Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory. | ||
| CVE-2023-6120 | Med | 0.20 | 4.1 | 0.00 | Dec 9, 2023 | The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server. | ||
| CVE-2020-1735 | Med | 0.20 | 4.2 | 0.00 | Mar 16, 2020 | A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. | ||
| CVE-2019-3828 | Med | 0.20 | 4.2 | 0.01 | Mar 27, 2019 | Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path. | ||
| CVE-2018-16968 | Low | 0.20 | 3.1 | 0.01 | Sep 26, 2018 | Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal. | ||
| CVE-2023-41040 | Med | 0.19 | 4.0 | 0.01 | Aug 30, 2023 | GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located… | ||
| CVE-2021-32841 | Med | 0.19 | 4.0 | 0.01 | Jan 26, 2022 | SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it is not enforced that `destDir` ends with slash. If the `destDir` is not slash… | ||
| CVE-2026-12211 | Low | 0.18 | 2.7 | 0.00 | Jun 15, 2026 | A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. This impacts an unknown function of the file /RPC2_Loadfile/syslog/ of the component Web Interface. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The… | ||
| CVE-2024-47267 | Low | 0.18 | 2.7 | 0.00 | May 27, 2026 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write… | ||
| CVE-2026-3339 | Low | 0.18 | 2.7 | 0.00 | Mar 21, 2026 | The Keep Backup Daily plugin for WordPress is vulnerable to Limited Path Traversal in all versions up to, and including, 2.1.1 via the `kbd_open_upload_dir` AJAX action. This is due to insufficient validation of the `kbd_path` parameter, which is only sanitized with… | ||
| CVE-2026-4285 | — | Low | 0.18 | 2.7 | 0.00 | Mar 17, 2026 | A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. Impacted is the function recognizeMarkdown of the file yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yudao/module/digitalcourse/util/Pdf2M… | |
| CVE-2025-61653 | Low | 0.18 | — | 0.00 | Feb 3, 2026 | Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.Php. This issue affects TextExtracts: from * before 1.39.14, 1.43.4, 1.44.1. | ||
| CVE-2026-1588 | Low | 0.18 | 2.7 | 0.01 | Jan 29, 2026 | A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshERP-boot/plugin/installByPath of the component com.gitee.starblues.integration.operator.DefaultPluginOperator. The manipulation of the argument path results in… | ||
| CVE-2025-12923 | Low | 0.18 | 2.7 | 0.01 | Nov 10, 2025 | A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The… | ||
| CVE-2025-10723 | Low | 0.18 | 2.7 | 0.00 | Oct 24, 2025 | The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks | ||
| CVE-2025-32205 | Low | 0.18 | 2.7 | 0.00 | Apr 10, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in piotnetdotcom Piotnet Forms piotnetforms.This issue affects Piotnet Forms: from n/a through <= 1.0.30. | ||
| CVE-2025-2716 | Low | 0.18 | 2.7 | 0.00 | Mar 24, 2025 | A vulnerability classified as problematic was found in China Mobile P22g-CIac 1.0.00.488. This vulnerability affects unknown code of the component Samba Path Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed… | ||
| CVE-2023-41825 | Low | 0.18 | 2.8 | 0.00 | May 3, 2024 | A path traversal vulnerability was reported in the Motorola Ready For application that could allow a local attacker to access local files. | ||
| CVE-2024-3034 | Low | 0.18 | 2.7 | 0.01 | Apr 27, 2024 | The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkp_directory_browse parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to traverse… | ||
| CVE-2024-29196 | Low | 0.18 | 3.8 | 0.01 | Mar 26, 2024 | phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability… |
- risk 0.20cvss 4.2epss 0.00
Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.
- risk 0.20cvss 4.1epss 0.00
The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server.
- risk 0.20cvss 4.2epss 0.00
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
- risk 0.20cvss 4.2epss 0.01
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
- risk 0.20cvss 3.1epss 0.01
Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal.
- risk 0.19cvss 4.0epss 0.01
GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located…
- risk 0.19cvss 4.0epss 0.01
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it is not enforced that `destDir` ends with slash. If the `destDir` is not slash…
- risk 0.18cvss 2.7epss 0.00
A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. This impacts an unknown function of the file /RPC2_Loadfile/syslog/ of the component Web Interface. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The…
- risk 0.18cvss 2.7epss 0.00
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write…
- risk 0.18cvss 2.7epss 0.00
The Keep Backup Daily plugin for WordPress is vulnerable to Limited Path Traversal in all versions up to, and including, 2.1.1 via the `kbd_open_upload_dir` AJAX action. This is due to insufficient validation of the `kbd_path` parameter, which is only sanitized with…
- risk 0.18cvss 2.7epss 0.00
A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. Impacted is the function recognizeMarkdown of the file yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yudao/module/digitalcourse/util/Pdf2M…
- risk 0.18cvss —epss 0.00
Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.Php. This issue affects TextExtracts: from * before 1.39.14, 1.43.4, 1.44.1.
- risk 0.18cvss 2.7epss 0.01
A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshERP-boot/plugin/installByPath of the component com.gitee.starblues.integration.operator.DefaultPluginOperator. The manipulation of the argument path results in…
- risk 0.18cvss 2.7epss 0.01
A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The…
- risk 0.18cvss 2.7epss 0.00
The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks
- risk 0.18cvss 2.7epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in piotnetdotcom Piotnet Forms piotnetforms.This issue affects Piotnet Forms: from n/a through <= 1.0.30.
- risk 0.18cvss 2.7epss 0.00
A vulnerability classified as problematic was found in China Mobile P22g-CIac 1.0.00.488. This vulnerability affects unknown code of the component Samba Path Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed…
- risk 0.18cvss 2.8epss 0.00
A path traversal vulnerability was reported in the Motorola Ready For application that could allow a local attacker to access local files.
- risk 0.18cvss 2.7epss 0.01
The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkp_directory_browse parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to traverse…
- risk 0.18cvss 3.8epss 0.01
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability…