VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Base · Stable · Likelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (3,730)

  • CVE-2020-24102 · High · Jul 22, 2024
    risk 0.50 · cvss 7.6 · epss 0.04

    Directory Traversal vulnerability in Punkbuster pbsv.d64 2.351, allows remote attackers to execute arbitrary code.

  • CVE-2024-37497 · High · Jul 9, 2024
    risk 0.50 · cvss 7.7 · epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetThemeCore jet-theme-core. This issue affects JetThemeCore: from n/a through < 2.2.1.

  • CVE-2024-38449 · High · Jun 17, 2024
    risk 0.50 · cvss 7.7 · epss 0.00

    A Directory Traversal vulnerability in KasmVNC 1.3.1.230e50f7b89663316c70de7b0e3db6f6b9340489 and possibly earlier versions allows remote authenticated attackers to browse parent directories and read the content of files outside the scope of the application.

  • CVE-2024-32703 · High · Jun 9, 2024
    risk 0.50 · cvss 7.7 · epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in reputeinfosystems ARForms arforms. This issue affects ARForms: from n/a through <= 6.4.

  • CVE-2024-32778 · High · Jun 9, 2024
    risk 0.50 · cvss 7.7 · epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery. This issue affects Contest Gallery: from n/a through <= 21.3.4.

  • CVE-2024-34060 · High · May 23, 2024
    risk 0.50 · cvss 8.8 · epss 0.02

    IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The `iris-evtx-module` is a pipeline plugin of `iris-web` that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely handled and may cause an Arbitrary File Write. This can lead to a remote code execution (RCE) when combined with a Server Side Template Injection (SSTI). This vulnerability has been patched in version 1.0.0.

  • CVE-2023-26526 · High · May 17, 2024
    risk 0.50 · cvss 7.7 · epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls. This issue affects Bookly: from n/a through 21.7.1.

  • CVE-2022-45368 · High · May 17, 2024
    risk 0.50 · cvss 7.7 · epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Lenderd 1003 Mortgage Application allows Relative Path Traversal. This issue affects 1003 Mortgage Application: from n/a through 1.75.

  • CVE-2024-1630 · High · May 14, 2024
    risk 0.50 · cvss 7.7 · epss 0.00

    Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component

  • CVE-2024-31240 · High · Apr 10, 2024
    risk 0.50 · cvss 7.7 · epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in InfoTheme WP Poll Maker. This issue affects WP Poll Maker: from n/a through 3.1.

  • CVE-2024-24042 · High · Mar 19, 2024
    risk 0.50 · cvss 8.8 · epss 0.03

    Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and before allows a remote attacker to execute arbitrary code via the dumpDirect in RuntimeResourcePackImpl component.

  • CVE-2017-3163 · High · Aug 30, 2017
    risk 0.50 · cvss 7.5 · epss 0.12

    When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.

  • CVE-2017-10949 · High · Aug 4, 2017
    risk 0.50 · cvss 7.5 · epss 0.18

    Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459.

  • CVE-2017-2163 · High · May 12, 2017
    risk 0.50 · cvss 7.5 · epss 0.11

    Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id.

  • CVE-2016-8206 · High · Jan 14, 2017
    risk 0.50 · cvss 7.5 · epss 0.10

    A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files.

  • CVE-2016-6321 · High · Dec 9, 2016
    risk 0.50 · cvss 7.5 · epss 0.11

    Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.

  • CVE-2015-1000006 · High · Oct 6, 2016
    risk 0.50 · cvss 7.5 · epss 0.11

    Remote file download vulnerability in recent-backups v0.7 wordpress plugin

  • CVE-2015-1000005 · High · Oct 6, 2016
    risk 0.50 · cvss 7.5 · epss 0.21

    Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin

  • CVE-2016-8343 · High · Oct 5, 2016
    risk 0.50 · cvss 7.5 · epss 0.10

    Directory traversal vulnerability in INDAS Web SCADA before 3 allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2015-8799 · High · Jun 8, 2016
    risk 0.50 · cvss 7.6 · epss 0.01

    Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors.