CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

CWE-706

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (3,734)

page 42 of 187

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2023-45385	Hig	0.49	7.5	0.01	Apr 30, 2024	ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Directory Traversal via the pqprintshippinglabels module.
CVE-2024-31801	Hig	0.49	7.5	0.01	Apr 29, 2024	Directory Traversal vulnerability in NEXSYS-ONE before v.Rev.15320 allows a remote attacker to obtain sensitive information via a crafted request.
CVE-2023-47843	Hig	0.49	7.6	0.00	Apr 18, 2024	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0.
CVE-2024-31978	Hig	0.49	7.6	0.00	Apr 9, 2024	A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download files from the file system. Under certain circumstances the downloaded files are deleted from the file system.
CVE-2024-27575	Hig	0.49	7.5	0.00	Apr 4, 2024	INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a remote attacker to read arbitrary files via absolute path traversal, such as with the /cgi-bin/display?file=/etc/passwd URI.
CVE-2021-31156	Hig	0.49	7.5	0.01	Mar 28, 2024	Allied Telesis AT-S115 1.2.0 devices before 1.00.024 with Boot Loader 1.00.006 allow Directory Traversal to achieve partial access to data.
CVE-2024-25136	Hig	0.49	7.5	0.00	Mar 26, 2024	There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content.
CVE-2023-40747	Hig	0.49	7.5	0.00	Mar 18, 2024	Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot.
CVE-2023-6559	Hig	0.49	7.5	0.06	Dec 16, 2023	The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.
CVE-2023-3813	Hig	0.49	7.5	0.02	Jul 21, 2023	The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 4.6.6. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. The requires the premium version of the plugin to be activated. NOTE: This vulnerability was partially patched in version 4.6.5 and fully patched in version 4.6.9.
CVE-2020-36728	Med	0.49	6.5	0.83	Jun 7, 2023	The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site.
CVE-2017-14196	Hig	0.49	7.5	0.01	Nov 30, 2017	An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed.
CVE-2017-16762	Hig	0.49	7.5	0.00	Nov 10, 2017	Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.
CVE-2017-11511	Hig	0.49	7.5	0.04	Nov 8, 2017	The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
CVE-2014-0115	Hig	0.49	7.5	0.01	Oct 30, 2017	Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.
CVE-2017-15805	Hig	0.49	7.5	0.01	Oct 23, 2017	Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files.
CVE-2017-10933	Hig	0.49	7.5	0.00	Oct 19, 2017	All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address.
CVE-2015-1429	Hig	0.49	7.5	0.01	Oct 6, 2017	Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 32-bit and 64-bit allows remote attackers to download arbitrary files via a .. (dot dot) in an unspecified parameter.
CVE-2017-15079	Hig	0.49	7.5	0.01	Oct 6, 2017	The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal.
CVE-2017-1577	Hig	0.49	7.5	0.01	Sep 28, 2017	IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117.

CVE-2023-45385HigApr 30, 2024
risk 0.49cvss 7.5epss 0.01
ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Directory Traversal via the pqprintshippinglabels module.
CVE-2024-31801HigApr 29, 2024
risk 0.49cvss 7.5epss 0.01
Directory Traversal vulnerability in NEXSYS-ONE before v.Rev.15320 allows a remote attacker to obtain sensitive information via a crafted request.
CVE-2023-47843HigApr 18, 2024
risk 0.49cvss 7.6epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0.
CVE-2024-31978HigApr 9, 2024
risk 0.49cvss 7.6epss 0.00
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download files from the file system. Under certain circumstances the downloaded files are deleted from the file system.
CVE-2024-27575HigApr 4, 2024
risk 0.49cvss 7.5epss 0.00
INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a remote attacker to read arbitrary files via absolute path traversal, such as with the /cgi-bin/display?file=/etc/passwd URI.
CVE-2021-31156HigMar 28, 2024
risk 0.49cvss 7.5epss 0.01
Allied Telesis AT-S115 1.2.0 devices before 1.00.024 with Boot Loader 1.00.006 allow Directory Traversal to achieve partial access to data.
CVE-2024-25136HigMar 26, 2024
risk 0.49cvss 7.5epss 0.00
There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content.
CVE-2023-40747HigMar 18, 2024
risk 0.49cvss 7.5epss 0.00
Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot.
CVE-2023-6559HigDec 16, 2023
risk 0.49cvss 7.5epss 0.06
The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.
CVE-2023-3813HigJul 21, 2023
risk 0.49cvss 7.5epss 0.02
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 4.6.6. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. The requires the premium version of the plugin to be activated. NOTE: This vulnerability was partially patched in version 4.6.5 and fully patched in version 4.6.9.
CVE-2020-36728MedJun 7, 2023
risk 0.49cvss 6.5epss 0.83
The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site.
CVE-2017-14196HigNov 30, 2017
risk 0.49cvss 7.5epss 0.01
An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed.
CVE-2017-16762HigNov 10, 2017
risk 0.49cvss 7.5epss 0.00
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.
CVE-2017-11511HigNov 8, 2017
risk 0.49cvss 7.5epss 0.04
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
CVE-2014-0115HigOct 30, 2017
risk 0.49cvss 7.5epss 0.01
Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.
CVE-2017-15805HigOct 23, 2017
risk 0.49cvss 7.5epss 0.01
Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files.
CVE-2017-10933HigOct 19, 2017
risk 0.49cvss 7.5epss 0.00
All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address.
CVE-2015-1429HigOct 6, 2017
risk 0.49cvss 7.5epss 0.01
Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 32-bit and 64-bit allows remote attackers to download arbitrary files via a .. (dot dot) in an unspecified parameter.
CVE-2017-15079HigOct 6, 2017
risk 0.49cvss 7.5epss 0.01
The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal.
CVE-2017-1577HigSep 28, 2017
risk 0.49cvss 7.5epss 0.01
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117.