VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 168 of 275
  • CVE-2023-46122LowOct 23, 2023
    risk 0.18cvss 3.9epss 0.00

    sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, `IO.unzip` allows writing of arbitrary file. This would have potential to overwrite `/root/.ssh/authorized_keys`. Within sbt's main code, `IO.unzip` is used in `pullRemoteCache` task and…

  • CVE-2022-40199LowSep 27, 2022
    risk 0.18cvss 2.7epss 0.01

    Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4 ) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information.

  • CVE-2018-16237LowAug 30, 2018
    risk 0.18cvss 2.7epss 0.01

    An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI.

  • CVE-2016-1212LowJun 5, 2016
    risk 0.18cvss 2.7epss 0.02

    Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors.

  • CVE-2016-3972LowApr 18, 2016
    risk 0.18cvss 2.7epss 0.01

    Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.

  • CVE-2026-44996LowMay 11, 2026
    risk 0.17cvss 3.7epss 0.00

    OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence agent or tool-produced ReplyPayload.mediaUrl parameters to resolve absolute local…

  • CVE-2026-7020LowApr 26, 2026
    risk 0.17cvss 3.7epss 0.01

    A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be…

  • CVE-2023-52085LowDec 29, 2023
    risk 0.17cvss 3.3epss 0.30

    Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential…

  • CVE-2020-4053LowJun 16, 2020
    risk 0.17cvss 3.7epss 0.01

    In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the…

  • CVE-2026-10264LowJun 1, 2026
    risk 0.16cvss 3.5epss 0.00

    A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit…

  • CVE-2026-42448LowMay 26, 2026
    risk 0.16cvss 3.5epss 0.00

    Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists (as a directory). This vulnerability…

  • CVE-2026-1532LowJan 28, 2026
    risk 0.16cvss 2.4epss 0.01

    A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of the argument UploadMusic leads to path traversal. The attack can only be…

  • CVE-2025-64757LowNov 19, 2025
    risk 0.16cvss 3.5epss 0.00

    Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and…

  • CVE-2024-46939LowNov 28, 2024
    risk 0.16cvss epss 0.00

    The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite local specific files

  • CVE-2018-25059LowDec 30, 2022
    risk 0.16cvss 3.5epss 0.01

    A vulnerability was found in pastebinit up to 0.2.2 and classified as problematic. Affected by this issue is the function pasteHandler of the file server.go. The manipulation of the argument r.URL.Path leads to path traversal. Upgrading to version 0.2.3 is able to address this…

  • CVE-2021-21298LowFeb 26, 2021
    risk 0.16cvss 3.5epss 0.01

    Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier has a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with `projects.read` permission is able to…

  • CVE-2020-15239LowOct 6, 2020
    risk 0.16cvss 3.5epss 0.01

    In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a `.data` suffix and which are accompanied by a JSON file with the `.meta` suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to…

  • CVE-2015-5313LowApr 11, 2016
    risk 0.16cvss 2.5epss 0.00

    Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write…

  • CVE-2025-6927LowFeb 2, 2026
    risk 0.15cvss epss 0.00

    Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php. This issue affects MediaWiki: from >= 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.

  • CVE-2021-43798HigKEVDec 7, 2021
    risk 0.15cvss 7.5epss 0.89

    Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`,…