CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Base · Stable · Likelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 41 of 275
  • CVE-2018-9010 · High · Mar 25, 2018
    risk 0.51 · cvss 7.2 · epss 0.10

    Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default…

  • CVE-2018-3710 · High · Mar 21, 2018
    risk 0.51 · cvss 7.8 · epss 0.03

    Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component, resulting in remote code execution.

  • CVE-2017-2693 · High · Nov 22, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    ALE-L02C635B140 and earlier versions, ALE-L02C636B140 and earlier versions, ALE-L21C10B150 and earlier versions, ALE-L21C185B200 and earlier versions, ALE-L21C432B214 and earlier versions, ALE-L21C464B150 and earlier versions, ALE-L21C636B200 and earlier versions, ALE-L23C605B190 and…

  • CVE-2017-1087 · High · Nov 16, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a…

  • CVE-2014-3744 · High · Oct 23, 2017
    risk 0.51 · cvss 7.5 · epss 0.34

    Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.

  • CVE-2017-12188 · High · Oct 11, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service…

  • CVE-2017-10665 · High · Aug 18, 2017
    risk 0.51 · cvss 7.8 · epss 0.03

    Directory traversal vulnerability in ajaxfileupload.php in Kayson Group Ltd. phpGrid before 7.2.5 allows remote attackers to execute arbitrary code by uploading a crafted file with a .. (dot dot) in the file name.

  • CVE-2017-8033 · High · Jul 25, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges…

  • CVE-2017-10708 · High · Jul 18, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted…

  • CVE-2015-7270 · High · Apr 10, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal.

  • CVE-2017-7358 · High · Apr 5, 2017
    risk 0.51 · cvss 7.3 · epss 0.03

    In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.

  • CVE-2017-6306 · High · Feb 24, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."

  • CVE-2026-40779 · High · Jun 15, 2026
    risk 0.50 · cvss 7.7 · epss 0.00

    Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions.

  • CVE-2026-40727 · High · Jun 15, 2026
    risk 0.50 · cvss 7.7 · epss 0.00

    Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 versions.

  • CVE-2026-42305 · High · Jun 10, 2026
    risk 0.50 · cvss 8.8 · epss 0.01

    Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's…

  • CVE-2026-45727 · High · Jun 1, 2026
    risk 0.50 · cvss · epss 0.00

    CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can…

  • CVE-2026-44593 · High · May 28, 2026
    risk 0.50 · cvss · epss 0.00

    esm.sh is a no-build content delivery network (CDN) for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates…

  • CVE-2026-43982 · High · May 26, 2026
    risk 0.50 · cvss · epss 0.00

    Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, uploadedFileSaveIn() in lua/upload/upload.go uses filepath.Join() with the caller-supplied directory but performs no boundary check after joining. A directory of ../../../tmp resolves cleanly to /tmp,…

  • CVE-2026-34911 · High · May 22, 2026
    risk 0.50 · cvss 7.7 · epss 0.01

    A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.

  • CVE-2026-39352 · High · May 20, 2026
    risk 0.50 · cvss · epss 0.01

    Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.15.0, 15.105.0 and above.