VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 20 of 275
  • CVE-2022-45829HigDec 6, 2022
    risk 0.57cvss 8.7epss 0.01

    Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 at WordPress.

  • CVE-2018-17836HigOct 1, 2018
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote attackers to execute arbitrary PHP code by using a /console/file/manage.php?type=action&action=addfile&path=..%2F substring to upload, in conjunction with a multipart/form-data PHP payload.

  • CVE-2018-10926HigSep 4, 2018
    risk 0.57cvss 8.8epss 0.03

    A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.

  • CVE-2018-14795HigAug 21, 2018
    risk 0.57cvss 8.8epss 0.02

    DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files.

  • CVE-2018-14942HigAug 5, 2018
    risk 0.57cvss 8.8epss 0.02

    Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by "POST /PY/EMULATION_GET_FILE" or "POST /PY/EMULATION_EXPORT" with FileName=../../../passwd in the POST data.

  • CVE-2018-1102HigApr 30, 2018
    risk 0.57cvss 8.8epss 0.02

    A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.

  • CVE-2017-0359CriApr 13, 2018
    risk 0.57cvss 9.8epss 0.02

    diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive.

  • CVE-2018-1079HigApr 12, 2018
    risk 0.57cvss 8.7epss 0.01

    pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an…

  • CVE-2018-7422HigMar 19, 2018
    risk 0.57cvss 7.5epss 0.63

    A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path traversal.

  • CVE-2017-17223HigMar 9, 2018
    risk 0.57cvss 8.8epss 0.02

    Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can craft specific URL to the affected products. Due to insufficient verification of the URL, successful…

  • CVE-2017-9270HigMar 1, 2018
    risk 0.57cvss 8.7epss 0.02

    In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database.

  • CVE-2018-2367HigMar 1, 2018
    risk 0.57cvss 8.8epss 0.02

    ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed…

  • CVE-2018-5700HigJan 14, 2018
    risk 0.57cvss 8.8epss 0.03

    Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copy_folder_file call (in inc/class.ftpfolder.php) to move a .php file from the FTP folder into a web folder.

  • CVE-2017-17715HigDec 16, 2017
    risk 0.57cvss 8.8epss 0.02

    The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak.

  • CVE-2017-16929HigDec 5, 2017
    risk 0.57cvss 8.1epss 0.13

    The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../…

  • CVE-2017-14695CriOct 24, 2017
    risk 0.57cvss 9.8epss 0.03

    Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability…

  • CVE-2017-13996HigOct 5, 2017
    risk 0.57cvss 8.8epss 0.03

    A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute…

  • CVE-2017-13982HigSep 30, 2017
    risk 0.57cvss 8.8epss 0.03

    A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files.

  • CVE-2017-8007HigSep 22, 2017
    risk 0.57cvss 8.8epss 0.03

    In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access…

  • CVE-2016-6795CriSep 20, 2017
    risk 0.57cvss 9.8epss 0.08

    In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.