VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 40 of 275
  • CVE-2025-25163HigFeb 7, 2025
    risk 0.51cvss 7.5epss 0.02

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer images-optimizer allows Path Traversal.This issue affects Plugin A/B Image Optimizer: from n/a through <= 3.3.

  • CVE-2025-0542HigJan 25, 2025
    risk 0.51cvss 7.8epss 0.00

    Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive…

  • CVE-2024-54489HigDec 12, 2024
    risk 0.51cvss 7.8epss 0.00

    A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. Running a mount command may unexpectedly execute arbitrary code.

  • CVE-2024-50508HigOct 30, 2024
    risk 0.51cvss 7.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Path Traversal.This issue affects Woocommerce Product Design: from n/a through <= 1.0.0.

  • CVE-2024-44255HigOct 28, 2024
    risk 0.51cvss 7.8epss 0.00

    A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. A malicious app may be able to run arbitrary shortcuts without user…

  • CVE-2024-47742HigOct 21, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However,…

  • CVE-2024-7340HigJul 31, 2024
    risk 0.51cvss 8.8epss 0.05

    The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server…

  • CVE-2024-5040HigMay 21, 2024
    risk 0.51cvss 7.8epss 0.00

    There are multiple ways in LCDS LAquis SCADA for an attacker to access locations outside of their own directory.

  • CVE-2024-35205HigMay 14, 2024
    risk 0.51cvss 7.8epss 0.01

    The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. This potentially enables any application to dispatch a…

  • CVE-2024-23774HigApr 30, 2024
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An unquoted Windows search path vulnerability exists in the KSchedulerSvc.exe and AMPTools.exe components. This allows local attackers to execute code of their choice with NT Authority\SYSTEM…

  • CVE-2024-23773HigApr 30, 2024
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file delete vulnerability exists in the KSchedulerSvc.exe component. Local attackers can delete any file of their choice with NT Authority\SYSTEM privileges.

  • CVE-2024-29672HigApr 5, 2024
    risk 0.51cvss 8.8epss 0.01

    Directory Traversal vulnerability in zly2006 Reden before v.0.2.514 allows a remote attacker to execute arbitrary code via the DEBUG_RTC_REQUEST_SYNC_DATA in KeyCallbacks.kt.

  • CVE-2023-39138HigAug 30, 2023
    risk 0.51cvss 7.8epss 0.00

    An issue in ZIPFoundation v0.9.16 allows attackers to execute a path traversal via extracting a crafted zip file.

  • CVE-2023-39135HigAug 30, 2023
    risk 0.51cvss 7.8epss 0.00

    An issue in Zip Swift v2.1.2 allows attackers to execute a path traversal attack via a crafted zip entry.

  • CVE-2023-26243HigApr 27, 2023
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An…

  • CVE-2020-5237HigFeb 5, 2020
    risk 0.51cvss 8.8epss 0.04

    Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem (potentially leading to arbitrary code execution) via the (1) filename parameter to…

  • CVE-2018-8009HigNov 13, 2018
    risk 0.51cvss 8.8epss 0.08

    Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.

  • CVE-2018-0646HigSep 4, 2018
    risk 0.51cvss 7.8epss 0.02

    Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors.

  • CVE-2018-12036HigJun 7, 2018
    risk 0.51cvss 7.8epss 0.02

    OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.

  • CVE-2018-7933HigMay 10, 2018
    risk 0.51cvss 7.8epss 0.01

    Huawei home gateway products HiRouter-CD20 and WS5200 with the versions before HiRouter-CD20-10 1.9.6 and the versions before WS5200-10 1.9.6 have a path traversal vulnerability. Due to the lack of validation while these home gateway products install APK plugins, an attacker…