VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 203 of 275
  • CVE-2008-6726Apr 17, 2009
    risk 0.03cvss epss 0.02

    Multiple directory traversal vulnerabilities in CMScout 2.06, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bit parameter to (1) admin.php and (2) index.php, different vectors than CVE-2008-3415.

  • CVE-2008-6659Apr 7, 2009
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a…

  • CVE-2008-6658Apr 7, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated administrators to install packages from arbitrary directories via a .. (dot dot) in the package parameter during an install2 action,…

  • CVE-2009-1246Apr 6, 2009
    risk 0.03cvss epss 0.03

    Multiple directory traversal vulnerabilities in Blogplus 1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) row_mysql_blocks_center_down[file] parameter to includes/block_center_down.php; (2) row_mysql_blocks_center_top[file]…

  • CVE-2008-6592Apr 3, 2009
    risk 0.03cvss epss 0.03

    thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing…

  • CVE-2008-6590Apr 3, 2009
    risk 0.03cvss epss 0.03

    Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to (1) index.php and (2) LightNEasy.php.

  • CVE-2009-1222Apr 2, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in webEdition 6.0.0.4 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the WE_LANGUAGE parameter.

  • CVE-2008-6551Mar 30, 2009
    risk 0.03cvss epss 0.02

    Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) an adminlang cookie to admin/ind_ex.php; or the module parameter to…

  • CVE-2008-6522Mar 25, 2009
    risk 0.03cvss epss 0.02

    Multiple directory traversal vulnerabilities in the RenderFile function in ContentRender.class.php in Terracotta (aka OpenTerracotta) 0.6.1, and possibly other versions, allow remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the (1)…

  • CVE-2008-6516Mar 25, 2009
    risk 0.03cvss epss 0.03

    Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 allow remote attackers to include arbitrary files via a .. (dot dot) in the (1) tema_dizin parameter to baslik.php and (2) portal_ayarlarportal_dili parameter to anket_yonetim.php. NOTE: the provenance of this…

  • CVE-2008-6502Mar 20, 2009
    risk 0.03cvss epss 0.01

    Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remote authenticated users to select an arbitrary local PHP script as an avatar via a .. (dot dot) in the avatar parameter, and cause other users to execute this script by using sendData.php to send a message to…

  • CVE-2008-6453Mar 13, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in section.php in 6rbScript 3.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.

  • CVE-2009-0865Mar 10, 2009
    risk 0.03cvss epss 0.06

    Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument, possibly involving the PlayX…

  • CVE-2008-6410Mar 6, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in show.php in ol'bookmarks manager 0.7.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter.

  • CVE-2008-6407Mar 6, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the framefile parameter.

  • CVE-2009-0766Mar 6, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in default.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the configfile parameter. NOTE: the provenance of this information is unknown; the details are obtained…

  • CVE-2009-0765Mar 6, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the configfile parameter.

  • CVE-2009-0753Mar 3, 2009
    risk 0.03cvss epss 0.06

    Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename.

  • CVE-2008-6361Mar 2, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 19Beta allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter.

  • CVE-2008-6336Feb 27, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in download.php in Text Lines Rearrange Script 1.0, when register_globals is enabled, allows remote attackers to read arbitrary local files via directory traversal sequences in the filename parameter.