CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 40 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-25163 | Hig | 0.51 | 7.5 | 0.02 | Feb 7, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer images-optimizer allows Path Traversal.This issue affects Plugin A/B Image Optimizer: from n/a through <= 3.3. | ||
| CVE-2025-0542 | Hig | 0.51 | 7.8 | 0.00 | Jan 25, 2025 | Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive… | ||
| CVE-2024-54489 | Hig | 0.51 | 7.8 | 0.00 | Dec 12, 2024 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. Running a mount command may unexpectedly execute arbitrary code. | ||
| CVE-2024-50508 | Hig | 0.51 | 7.5 | 0.01 | Oct 30, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Path Traversal.This issue affects Woocommerce Product Design: from n/a through <= 1.0.0. | ||
| CVE-2024-44255 | Hig | 0.51 | 7.8 | 0.00 | Oct 28, 2024 | A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. A malicious app may be able to run arbitrary shortcuts without user… | ||
| CVE-2024-47742 | Hig | 0.51 | 7.8 | 0.00 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However,… | ||
| CVE-2024-7340 | Hig | 0.51 | 8.8 | 0.05 | Jul 31, 2024 | The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server… | ||
| CVE-2024-5040 | Hig | 0.51 | 7.8 | 0.00 | May 21, 2024 | There are multiple ways in LCDS LAquis SCADA for an attacker to access locations outside of their own directory. | ||
| CVE-2024-35205 | — | Hig | 0.51 | 7.8 | 0.01 | May 14, 2024 | The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. This potentially enables any application to dispatch a… | |
| CVE-2024-23774 | Hig | 0.51 | 7.8 | 0.00 | Apr 30, 2024 | An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An unquoted Windows search path vulnerability exists in the KSchedulerSvc.exe and AMPTools.exe components. This allows local attackers to execute code of their choice with NT Authority\SYSTEM… | ||
| CVE-2024-23773 | Hig | 0.51 | 7.8 | 0.00 | Apr 30, 2024 | An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file delete vulnerability exists in the KSchedulerSvc.exe component. Local attackers can delete any file of their choice with NT Authority\SYSTEM privileges. | ||
| CVE-2024-29672 | — | Hig | 0.51 | 8.8 | 0.01 | Apr 5, 2024 | Directory Traversal vulnerability in zly2006 Reden before v.0.2.514 allows a remote attacker to execute arbitrary code via the DEBUG_RTC_REQUEST_SYNC_DATA in KeyCallbacks.kt. | |
| CVE-2023-39138 | — | Hig | 0.51 | 7.8 | 0.00 | Aug 30, 2023 | An issue in ZIPFoundation v0.9.16 allows attackers to execute a path traversal via extracting a crafted zip file. | |
| CVE-2023-39135 | — | Hig | 0.51 | 7.8 | 0.00 | Aug 30, 2023 | An issue in Zip Swift v2.1.2 allows attackers to execute a path traversal attack via a crafted zip entry. | |
| CVE-2023-26243 | Hig | 0.51 | 7.8 | 0.00 | Apr 27, 2023 | An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An… | ||
| CVE-2020-5237 | Hig | 0.51 | 8.8 | 0.04 | Feb 5, 2020 | Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem (potentially leading to arbitrary code execution) via the (1) filename parameter to… | ||
| CVE-2018-8009 | — | Hig | 0.51 | 8.8 | 0.08 | Nov 13, 2018 | Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file. | |
| CVE-2018-0646 | Hig | 0.51 | 7.8 | 0.02 | Sep 4, 2018 | Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors. | ||
| CVE-2018-12036 | — | Hig | 0.51 | 7.8 | 0.02 | Jun 7, 2018 | OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames. | |
| CVE-2018-7933 | Hig | 0.51 | 7.8 | 0.01 | May 10, 2018 | Huawei home gateway products HiRouter-CD20 and WS5200 with the versions before HiRouter-CD20-10 1.9.6 and the versions before WS5200-10 1.9.6 have a path traversal vulnerability. Due to the lack of validation while these home gateway products install APK plugins, an attacker… |
- risk 0.51cvss 7.5epss 0.02
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer images-optimizer allows Path Traversal.This issue affects Plugin A/B Image Optimizer: from n/a through <= 3.3.
- risk 0.51cvss 7.8epss 0.00
Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive…
- risk 0.51cvss 7.8epss 0.00
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. Running a mount command may unexpectedly execute arbitrary code.
- risk 0.51cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Path Traversal.This issue affects Woocommerce Product Design: from n/a through <= 1.0.0.
- risk 0.51cvss 7.8epss 0.00
A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. A malicious app may be able to run arbitrary shortcuts without user…
- risk 0.51cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However,…
- risk 0.51cvss 8.8epss 0.05
The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server…
- risk 0.51cvss 7.8epss 0.00
There are multiple ways in LCDS LAquis SCADA for an attacker to access locations outside of their own directory.
- risk 0.51cvss 7.8epss 0.01
The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. This potentially enables any application to dispatch a…
- risk 0.51cvss 7.8epss 0.00
An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An unquoted Windows search path vulnerability exists in the KSchedulerSvc.exe and AMPTools.exe components. This allows local attackers to execute code of their choice with NT Authority\SYSTEM…
- risk 0.51cvss 7.8epss 0.00
An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file delete vulnerability exists in the KSchedulerSvc.exe component. Local attackers can delete any file of their choice with NT Authority\SYSTEM privileges.
- risk 0.51cvss 8.8epss 0.01
Directory Traversal vulnerability in zly2006 Reden before v.0.2.514 allows a remote attacker to execute arbitrary code via the DEBUG_RTC_REQUEST_SYNC_DATA in KeyCallbacks.kt.
- risk 0.51cvss 7.8epss 0.00
An issue in ZIPFoundation v0.9.16 allows attackers to execute a path traversal via extracting a crafted zip file.
- risk 0.51cvss 7.8epss 0.00
An issue in Zip Swift v2.1.2 allows attackers to execute a path traversal attack via a crafted zip entry.
- risk 0.51cvss 7.8epss 0.00
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An…
- risk 0.51cvss 8.8epss 0.04
Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem (potentially leading to arbitrary code execution) via the (1) filename parameter to…
- risk 0.51cvss 8.8epss 0.08
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.
- risk 0.51cvss 7.8epss 0.02
Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors.
- risk 0.51cvss 7.8epss 0.02
OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.
- risk 0.51cvss 7.8epss 0.01
Huawei home gateway products HiRouter-CD20 and WS5200 with the versions before HiRouter-CD20-10 1.9.6 and the versions before WS5200-10 1.9.6 have a path traversal vulnerability. Due to the lack of validation while these home gateway products install APK plugins, an attacker…