VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Base · Stable · Likelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 31 of 275
  • CVE-2024-56198 · Critical · Dec 31, 2024
    risk 0.54 · cvss n/a · epss 0.01

    path-sanitizer is a simple lightweight npm package for sanitizing paths to prevent Path Traversal. Prior to 3.1.0, the filters can be bypassed using .=%5c which results in a path traversal. This vulnerability is fixed in 3.1.0.

  • CVE-2024-33605 · High · Nov 26, 2024
    risk 0.54 · cvss 7.5 · epss 0.06

    Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

  • CVE-2024-4442 · Critical · May 21, 2024
    risk 0.54 · cvss 9.1 · epss 0.01

    The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated…

  • CVE-2024-4346 · Critical · May 7, 2024
    risk 0.54 · cvss 9.1 · epss 0.02

    The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for…

  • CVE-2024-0964 · Critical · Feb 5, 2024
    risk 0.54 · cvss 9.4 · epss 0.01

    A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.

  • CVE-2022-31474 · High · Mar 13, 2023
    risk 0.54 · cvss 7.5 · epss 0.64

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal. This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1.

  • CVE-2022-31507 · Critical · Jul 11, 2022
    risk 0.54 · cvss 9.3 · epss 0.01

    The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

  • CVE-2022-31506 · Critical · Jul 11, 2022
    risk 0.54 · cvss 9.3 · epss 0.01

    The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

  • CVE-2021-37701 · High · Aug 31, 2021
    risk 0.54 · cvss 8.2 · epss 0.03

    The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This…

  • CVE-2021-21357 · High · Mar 23, 2021
    risk 0.54 · cvss 8.3 · epss 0.02

    TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can bypass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of…

  • CVE-2018-7171 · High · Mar 30, 2018
    risk 0.54 · cvss 7.5 · epss 0.29

    Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all.

  • CVE-2017-17058 · High · Nov 29, 2017
    risk 0.54 · cvss 7.5 · epss 0.24

    The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because…

  • CVE-2017-15647 · High · Oct 19, 2017
    risk 0.54 · cvss 7.5 · epss 0.27

    On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.

  • CVE-2017-9829 · High · Jun 23, 2017
    risk 0.54 · cvss 7.5 · epss 0.69

    '/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already…

  • CVE-2016-4313 · High · Apr 24, 2017
    risk 0.54 · cvss 7.8 · epss 0.09

    Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. (dot dot) in an archive file.

  • CVE-2016-9950 · High · Dec 17, 2016
    risk 0.54 · cvss 7.8 · epss 0.07

    An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker…

  • CVE-2015-8770 · High · Jan 29, 2016
    risk 0.54 · cvss 7.5 · epss 0.22

    Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a ..…

  • CVE-2026-48777 · Critical · Jun 16, 2026
    risk 0.53 · cvss n/a · epss 0.00

    FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go which joins user-controlled fromPath and toPath body fields…

  • CVE-2026-8442 · High · Jun 16, 2026
    risk 0.53 · cvss 8.1 · epss 0.01

    The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missing authorization checks on the wpfb_hide_review and wprp_save_review_admin AJAX handlers combined with insufficient path validation…

  • CVE-2026-11846 · High · Jun 12, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion vulnerability, allowing authenticated remote attackers to exploit this vulnerability to delete arbitrary system files or directories, resulting in data destruction or…