CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 29 of 275

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-24891 | | Critical | 0.55 | 9.6 | 0.01 | | Jan 31, 2025 | Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs as root by default, there is no limit to what can be overwritten. With this, it's… |
| CVE-2024-37423 | | High | 0.55 | 8.5 | 0.00 | | Nov 1, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic Newspack Blocks allows Path Traversal. This issue affects Newspack Blocks: from n/a through 3.0.8. |
| CVE-2024-9575 | | High | 0.55 | — | 0.01 | | Oct 9, 2024 | Local File Inclusion vulnerability in pretix Widget WordPress plugin pretix-widget on Windows allows PHP Local File Inclusion. This issue affects pretix Widget WordPress plugin: from 1.0.0 through 1.0.5. |
| CVE-2024-43271 | | High | 0.55 | 8.5 | 0.01 | | Aug 19, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themelocation Woo Products Widgets For Elementor allows PHP Local File Inclusion. This issue affects Woo Products Widgets For Elementor: from n/a through 2.0.0. |
| CVE-2024-43232 | | High | 0.55 | 8.5 | 0.01 | | Aug 19, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP OnlineSupport, Essential Plugin Timeline and History slider allows PHP Local File Inclusion. This issue affects Timeline and History slider: from n/a through 2.3. |
| CVE-2024-43221 | | High | 0.55 | 8.5 | 0.01 | | Aug 19, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetGridBuilder allows PHP Local File Inclusion. This issue affects JetGridBuilder: from n/a through 1.1.2. |
| CVE-2024-6618 | | High | 0.55 | — | 0.00 | | Aug 13, 2024 | In Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link library (DLL). |
| CVE-2024-39624 | | High | 0.55 | 8.5 | 0.01 | | Aug 1, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro allows PHP Local File Inclusion. This issue affects ListingPro: from n/a through <= 2.9.4. |
| CVE-2024-37501 | | High | 0.55 | 8.5 | 0.01 | | Jul 9, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PluginsWare Advanced Classifieds & Directory Pro allows Path Traversal. This issue affects Advanced Classifieds & Directory Pro: from n/a through 3.1.3. |
| CVE-2024-33568 | | High | 0.55 | 8.5 | 0.01 | | Jun 4, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Deserialization of Untrusted Data vulnerability in BdThemes Element Pack Pro allows Path Traversal, Object Injection. This issue affects Element Pack Pro: from n/a before 7.19.3. |
| CVE-2024-31300 | | High | 0.55 | 8.5 | 0.01 | | May 17, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appscreo Easy Social Share Buttons allows PHP Local File Inclusion. This issue affects Easy Social Share Buttons: from n/a through 9.4. |
| CVE-2024-32807 | | High | 0.55 | 8.5 | 0.01 | | May 6, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brevo Sendinblue for WooCommerce allows Relative Path Traversal, Manipulating Web Input to File System Calls. This issue affects Sendinblue for WooCommerce: from n/a through 4.0.17. |
| CVE-2022-41951 | — | High | 0.55 | 8.5 | 0.01 | | Nov 27, 2023 | OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path… |
| CVE-2022-23522 | | High | 0.55 | 8.5 | 0.01 | | Mar 30, 2023 | MindsDB is an open source machine learning platform. An unsafe extraction is being performed using `shutil.unpack_archive()` from a remotely retrieved tarball, which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called… |
| CVE-2018-16299 | | High | 0.55 | 7.5 | 0.44 | | Sep 24, 2018 | The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter. |
| CVE-2018-7098 | | High | 0.55 | 8.4 | 0.01 | | Aug 14, 2018 | A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal. |
| CVE-2018-15142 | | High | 0.55 | 8.8 | 0.18 | | Aug 13, 2018 | Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters and accessing it in… |
| CVE-2018-12054 | | High | 0.55 | 7.5 | 0.39 | | Jun 8, 2018 | Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal. |
| CVE-2018-11235 | | High | 0.55 | 7.8 | 0.49 | | May 30, 2018 | In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone… |
| CVE-2018-10201 | | High | 0.55 | 7.5 | 0.46 | | Apr 20, 2018 | An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with… |