VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Base · Stable · Likelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 38 of 275
  • CVE-2022-44900 · Cri · Dec 6, 2022
    risk 0.52 · cvss 9.1 · epss 0.02

    A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.

  • CVE-2022-38638 · Cri · Sep 9, 2022
    risk 0.52 · cvss 9.1 · epss 0.01

    Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource.

  • CVE-2022-1992 · Cri · Jun 9, 2022
    risk 0.52 · cvss 9.1 · epss 0.02

    Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.

  • CVE-2022-24840 · Cri · Jun 9, 2022
    risk 0.52 · cvss 9.1 · epss 0.02

    django-s3file is a lightweight file upload input for Django and Amazon S3. In versions prior to 5.5.1 it was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. If the `AWS_LOCATION` setting was set, traversal was limited to that location…

  • CVE-2022-24303 · Cri · Mar 28, 2022
    risk 0.52 · cvss 9.1 · epss 0.03

    Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.

  • CVE-2021-34363 · Cri · Jun 10, 2021
    risk 0.52 · cvss 9.1 · epss 0.02

    The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature.

  • CVE-2020-8570 · Cri · Jan 21, 2021
    risk 0.52 · cvss 9.1 · epss 0.04

    Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system…

  • CVE-2019-3799 · Med · May 6, 2019
    risk 0.52 · cvss 6.5 · epss 0.85

    Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or…

  • CVE-2018-7771 · Hig · Jul 3, 2018
    risk 0.52 · cvss 8.0 · epss 0.01

    The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php files anywhere in the web service…

  • CVE-2018-3758 · Hig · Jun 7, 2018
    risk 0.52 · cvss 8.8 · epss 0.27

    Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine.

  • CVE-2018-11494 · Hig · May 26, 2018
    risk 0.52 · cvss 8.0 · epss 0.02

    The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory…

  • CVE-2018-9110 · Cri · Mar 28, 2018
    risk 0.52 · cvss 9.1 · epss 0.03

    Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process.…

  • CVE-2018-9109 · Cri · Mar 28, 2018
    risk 0.52 · cvss 9.1 · epss 0.03

    Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process.

  • CVE-2018-1323 · Hig · Mar 12, 2018
    risk 0.52 · cvss 7.5 · epss 0.44

    The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then…

  • CVE-2017-11469 · Hig · Jul 20, 2017
    risk 0.52 · cvss 7.5 · epss 0.05

    get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter.

  • CVE-2017-11456 · Hig · Jul 19, 2017
    risk 0.52 · cvss 7.5 · epss 0.09

    Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file.

  • CVE-2015-5609 · Cri · May 23, 2017
    risk 0.52 · cvss 9.1 · epss 0.03

    Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php.

  • CVE-2016-6896 · Hig · Jan 18, 2017
    risk 0.52 · cvss 7.1 · epss 0.38

    Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to…

  • CVE-2016-2087 · Hig · Jan 18, 2017
    risk 0.52 · cvss 7.4 · epss 0.09

    Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.

  • CVE-2015-8798 · Hig · Jun 8, 2016
    risk 0.52 · cvss 8.0 · epss 0.03

    Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection…