VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 34 of 275
  • CVE-2024-36427HigMay 29, 2024
    risk 0.53cvss 8.1epss 0.01

    The file-serving function in TARGIT Decision Suite before 24.06.19002 (TARGIT Decision Suite 2024 – June) allows authenticated attackers to read or write to server files via a crafted file request. This can allow code execution via a .xview file.

  • CVE-2023-46784HigMay 17, 2024
    risk 0.53cvss 8.2epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery.This issue affects ICS…

  • CVE-2023-39916CriSep 13, 2023
    risk 0.53cvss 9.3epss 0.01

    NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 as well as 0.14.0 up to and including 0.14.2 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for…

  • CVE-2022-3782CriJan 13, 2023
    risk 0.53cvss 9.1epss 0.06

    keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive…

  • CVE-2022-4030HigNov 29, 2022
    risk 0.53cvss 8.1epss 0.02

    The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the 'file' parameter which can be manipulated during user avatar deletion. This makes it possible with attackers, with minimal permissions such as a subscriber, to…

  • CVE-2021-46037HigFeb 18, 2022
    risk 0.53cvss 8.1epss 0.01

    MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do.

  • CVE-2020-29555HigMar 15, 2021
    risk 0.53cvss 8.1epss 0.03

    The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of…

  • CVE-2020-5590HigJun 19, 2020
    risk 0.53cvss 8.1epss 0.02

    Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.

  • CVE-2018-8495HigOct 10, 2018
    risk 0.53cvss 7.5epss 0.56

    A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

  • CVE-2018-0464HigOct 5, 2018
    risk 0.53cvss 8.1epss 0.05

    A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within…

  • CVE-2017-2627HigAug 22, 2018
    risk 0.53cvss 8.2epss 0.01

    A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow…

  • CVE-2018-7092HigAug 6, 2018
    risk 0.53cvss 7.5epss 0.53

    A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file deletion.

  • CVE-2018-12053HigJun 8, 2018
    risk 0.53cvss 7.5epss 0.11

    Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal.

  • CVE-2018-10615HigJun 4, 2018
    risk 0.53cvss 8.1epss 0.03

    Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform.

  • CVE-2018-7669HigApr 27, 2018
    risk 0.53cvss 7.5epss 0.17

    An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing an attacker to access arbitrary files from the host Operating System using a…

  • CVE-2014-2069HigApr 16, 2018
    risk 0.53cvss 7.5epss 0.16

    Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx.

  • CVE-2018-1266HigMar 27, 2018
    risk 0.53cvss 8.1epss 0.01

    Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the…

  • CVE-2014-2674HigMar 19, 2018
    risk 0.53cvss 7.5epss 0.16

    Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php.

  • CVE-2015-5079HigFeb 28, 2018
    risk 0.53cvss 7.5epss 0.18

    Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the dl parameter.

  • CVE-2018-5716HigFeb 21, 2018
    risk 0.53cvss 8.1epss 0.02

    An issue was discovered in Reprise License Manager 11.0. This vulnerability is a Path Traversal where the attacker, by changing a field in the Web Request, can have access to files on the File System of the Server. By specifying a pathname in the POST parameter "lf" to the…