VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 35 of 275
  • CVE-2018-1162HigFeb 8, 2018
    risk 0.53cvss 8.1epss 0.05

    This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Quest NetVault Backup 11.2.0.13. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The…

  • CVE-2018-6397HigJan 30, 2018
    risk 0.53cvss 7.5epss 0.12

    Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter.

  • CVE-2017-14849HigSep 28, 2017
    risk 0.53cvss 7.5epss 0.53

    Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.

  • CVE-2015-4181HigAug 25, 2017
    risk 0.53cvss 7.5epss 0.12

    Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2017-11152HigAug 8, 2017
    risk 0.53cvss 7.5epss 0.14

    Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter.

  • CVE-2017-9024HigMay 21, 2017
    risk 0.53cvss 7.5epss 0.12

    Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname.

  • CVE-2017-6190HigApr 10, 2017
    risk 0.53cvss 7.5epss 0.16

    Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request.

  • CVE-2017-7240HigMar 24, 2017
    risk 0.53cvss 7.5epss 0.17

    An issue was discovered on Miele Professional PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to exploit this issue to access…

  • CVE-2017-6510HigMar 16, 2017
    risk 0.53cvss 7.5epss 0.15

    Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory.

  • CVE-2016-7982HigJan 18, 2017
    risk 0.53cvss 7.5epss 0.21

    Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.

  • CVE-2017-5480HigJan 15, 2017
    risk 0.53cvss 8.1epss 0.02

    Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter.

  • CVE-2016-5639HigAug 3, 2016
    risk 0.53cvss 7.5epss 0.21

    Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.

  • CVE-2016-1610HigAug 1, 2016
    risk 0.53cvss 7.5epss 0.12

    Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrictions and write to arbitrary files via a .. (dot dot) in a blob name.

  • CVE-2016-1671HigMay 14, 2016
    risk 0.53cvss 8.1epss 0.02

    Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filename_util.cc.

  • CVE-2015-7250HigDec 30, 2015
    risk 0.53cvss 7.5epss 0.16

    Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.

  • CVE-2010-0013HigJan 9, 2010
    risk 0.53cvss 7.5epss 0.13

    Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to…

  • CVE-2007-5927HigNov 10, 2007
    risk 0.53cvss 8.1epss 0.04

    Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. (dot dot) in the first argument to the GlobalLog stored procedure. NOTE: this can be leveraged to execute arbitrary code using…

  • CVE-2026-52811criJun 23, 2026
    risk 0.52cvss epss 0.00

    Summary `(*Repository).UploadRepoFiles` checks for symlinks only on the **leaf** of the upload target (`osx.IsSymlink(targetPath)`). The siblings `UpdateRepoFile`, `DeleteRepoFile`, and `GetDiffPreview` use `hasSymlinkInPath`, which lstats every component — `UploadRepoFiles`…

  • CVE-2026-53519CriJun 12, 2026
    risk 0.52cvss 9.1epss 0.00

    Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the dashboard's NoRoute handler treats any URL whose raw string starts with /dashboard as an admin-frontend asset request. The check…

  • CVE-2026-47731criJun 5, 2026
    risk 0.52cvss epss 0.00

    ## 1. Summary The Binary Stream Capture (BSC) component exposes an unauthenticated HTTP API for dynamically creating packet capture “handlers.” Because the code blindly trusts path‑related form fields, a remote client can: - **Bypass the configured log root** and direct…