CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 21 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-10993 | Hig | 0.57 | 8.8 | 0.02 | Jul 21, 2017 | Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal. | ||
| CVE-2017-9846 | Hig | 0.57 | 8.8 | 0.03 | Jun 24, 2017 | Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder. | ||
| CVE-2017-9833 | Hig | 0.57 | 7.5 | 0.68 | Jun 24, 2017 | /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because… | ||
| CVE-2017-7565 | Hig | 0.57 | 8.8 | 0.02 | Apr 6, 2017 | Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041. | ||
| CVE-2017-5946 | Cri | 0.57 | 9.8 | 0.03 | Feb 27, 2017 | The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem. | ||
| CVE-2015-4694 | Hig | 0.57 | 8.6 | 0.16 | Jan 8, 2016 | Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the za_file parameter. | ||
| CVE-2026-40769 | Hig | 0.56 | 8.6 | 0.00 | Jun 15, 2026 | Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field <= 1.0.6 versions. | ||
| CVE-2026-47368 | Hig | 0.56 | 8.6 | 0.00 | Jun 12, 2026 | A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances. | ||
| CVE-2026-42737 | Hig | 0.56 | 8.6 | 0.00 | May 27, 2026 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Path Traversal.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.8.9. | ||
| CVE-2026-27305 | Hig | 0.56 | 8.6 | 0.29 | Apr 14, 2026 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files… | ||
| CVE-2026-3987 | Hig | 0.56 | — | 0.01 | Apr 1, 2026 | A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8… | ||
| CVE-2026-32522 | Hig | 0.56 | 8.6 | 0.00 | Mar 25, 2026 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal.This issue affects WooCommerce Support Ticket System: from n/a through < 18.5. | ||
| CVE-2026-31913 | Hig | 0.56 | 8.6 | 0.00 | Mar 25, 2026 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Whitebox-Studio Scape scape allows Path Traversal.This issue affects Scape: from n/a through < 1.5.16. | ||
| CVE-2026-22460 | Hig | 0.56 | 8.6 | 0.00 | Mar 5, 2026 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpWax FormGent formgent allows Path Traversal.This issue affects FormGent: from n/a through <= 1.7.0. | ||
| CVE-2025-69379 | Hig | 0.56 | 8.6 | 0.00 | Feb 20, 2026 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8. | ||
| CVE-2025-69376 | Hig | 0.56 | 8.6 | 0.01 | Feb 20, 2026 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0. | ||
| CVE-2026-1186 | Hig | 0.56 | — | 0.00 | Feb 2, 2026 | EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive (default file type used by the Legislator application) and choose arbitrary path outside the intended directory (e.x. system startup) where files will be extracted… | ||
| CVE-2020-36939 | Hig | 0.56 | 7.5 | 0.02 | Jan 27, 2026 | Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd… | ||
| CVE-2025-69097 | Hig | 0.56 | 8.6 | 0.00 | Jan 22, 2026 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through <= 1.9.9.5.4. | ||
| CVE-2025-68912 | Hig | 0.56 | 8.6 | 0.01 | Jan 22, 2026 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Harmonic Design HDForms hdforms allows Path Traversal.This issue affects HDForms: from n/a through <= 1.6.1. |
- risk 0.57cvss 8.8epss 0.02
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
- risk 0.57cvss 8.8epss 0.03
Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder.
- risk 0.57cvss 7.5epss 0.68
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because…
- risk 0.57cvss 8.8epss 0.02
Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041.
- risk 0.57cvss 9.8epss 0.03
The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.
- risk 0.57cvss 8.6epss 0.16
Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the za_file parameter.
- risk 0.56cvss 8.6epss 0.00
Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field <= 1.0.6 versions.
- risk 0.56cvss 8.6epss 0.00
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances.
- risk 0.56cvss 8.6epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Path Traversal.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.8.9.
- risk 0.56cvss 8.6epss 0.29
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files…
- risk 0.56cvss —epss 0.01
A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8…
- risk 0.56cvss 8.6epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal.This issue affects WooCommerce Support Ticket System: from n/a through < 18.5.
- risk 0.56cvss 8.6epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Whitebox-Studio Scape scape allows Path Traversal.This issue affects Scape: from n/a through < 1.5.16.
- risk 0.56cvss 8.6epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpWax FormGent formgent allows Path Traversal.This issue affects FormGent: from n/a through <= 1.7.0.
- risk 0.56cvss 8.6epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8.
- risk 0.56cvss 8.6epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0.
- risk 0.56cvss —epss 0.00
EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive (default file type used by the Legislator application) and choose arbitrary path outside the intended directory (e.x. system startup) where files will be extracted…
- risk 0.56cvss 7.5epss 0.02
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd…
- risk 0.56cvss 8.6epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through <= 1.9.9.5.4.
- risk 0.56cvss 8.6epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Harmonic Design HDForms hdforms allows Path Traversal.This issue affects HDForms: from n/a through <= 1.6.1.