VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Abstraction: Base · Status: Stable · Likelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
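As an added example (not part of this page, and not code from any product listed on it), the Python below contrasts the unchecked concatenation behind most of the entries on this page with the string-prefix check that is often offered as a fix, and then with a canonicalising check that also handles the percent-encoded and backslash variants several entries mention. `BASE_DIR`, the function names and the sample inputs are constructed for illustration.

```python
import os
from urllib.parse import unquote

# Constructed example: the only directory the application may serve files from.
BASE_DIR = "/srv/app/uploads"


def vulnerable_join(base_dir: str, user_path: str) -> str:
    """The CWE-22 pattern: the user-supplied value is concatenated onto the
    base directory with no neutralisation. '..' segments walk out of base_dir,
    and os.path.join discards base_dir entirely when user_path is absolute."""
    return os.path.join(base_dir, user_path)


def naive_prefix_check(base_dir: str, user_path: str) -> bool:
    """A common but insufficient fix: normalise, then test the string prefix.
    It accepts a sibling directory such as '/srv/app/uploads_evil', and it
    never sees '..' that is still percent-encoded at check time."""
    candidate = os.path.normpath(os.path.join(base_dir, user_path))
    return candidate.startswith(base_dir)


def resolve_under_base(base_dir: str, user_path: str) -> str:
    """Canonicalise user_path beneath base_dir and return it relative to
    base_dir, or raise ValueError if it would resolve anywhere else."""
    # Decode twice so a double-encoded sequence (%252e%252e) cannot survive
    # one decoding layer in a proxy or framework and reappear later.
    decoded = unquote(unquote(user_path))
    # Treat backslashes as separators: Windows hosts honour them, and some
    # of the entries on this page were reachable only with encoded backslashes.
    decoded = decoded.replace("\\", "/")
    if not decoded or "\x00" in decoded or decoded.startswith("/"):
        raise ValueError("empty, NUL-containing or absolute path rejected")
    # realpath collapses '.' and '..' and follows symlinks, so a symlink
    # inside base_dir that points outside it is caught as well.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, decoded))
    # commonpath compares whole components; a plain startswith() would
    # accept '/srv/app/uploads_evil' for a base of '/srv/app/uploads'.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes the base directory")
    return os.path.relpath(candidate, base)


def is_rejected(base_dir: str, user_path: str) -> bool:
    """True if resolve_under_base() refuses user_path."""
    try:
        resolve_under_base(base_dir, user_path)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs covering plain, absolute, encoded, double-encoded,
    # backslash and sibling-directory traversal attempts.
    samples = (
        "photos/cat.jpg",
        "../../../etc/passwd",
        "/etc/passwd",
        "%2e%2e/%2e%2e/etc/passwd",
        "..%5c..%5cetc%5cpasswd",
        "%252e%252e/%252e%252e/etc/passwd",
        "../uploads_evil/secret",
    )
    for p in samples:
        print(f"{p!r:40} prefix_check={naive_prefix_check(BASE_DIR, p)!s:5} "
              f"rejected={is_rejected(BASE_DIR, p)}")
```

Note that the prefix check passes both the sibling-directory input and the percent-encoded one; the latter only becomes `..` once something downstream decodes it, which is exactly the ordering problem behind the encoded-segment entries on this page. Decode first, canonicalise, then compare whole path components.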

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 47 of 275
  • CVE-2015-8799 · High · Jun 8, 2016
    risk 0.50 · cvss 7.6 · epss 0.06

    Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection…

  • CVE-2026-49061 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Unauthenticated arbitrary file download in WPC Product Options for WooCommerce versions <= 3.2.1.

  • CVE-2026-50877 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue in Zhoros SuperBin v1.0.0 allows attackers to execute a directory traversal via supplying files with names containing traversal characters.

  • CVE-2016-20081 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the file_path parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal…

  • CVE-2016-20076 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the delete_backup_file and download_backup_file parameters in tools.php. Attackers can exploit…

  • CVE-2026-52726 · High · Jun 10, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, `dulwich.porcelain.submodule_update`, and by extension `porcelain.clone(..., recurse_submodules=True)`, materializes attacker-controlled…

  • CVE-2026-46491 · High · Jun 10, 2026
    risk 0.49 · cvss 8.6 · epss 0.00

    SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an…

  • CVE-2017-20250 · High · Jun 9, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like…

  • CVE-2017-20248 · High · Jun 9, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences ../ to access sensitive…

  • CVE-2026-50234 · High · Jun 5, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers can manipulate file path parameters to access sensitive files outside the…

  • CVE-2024-40646 · High · Jun 1, 2026
    risk 0.49 · cvss 8.6 · epss 0.00

    Vertex is a management tool for PT (Private Tracker) users to manage streaming and watching videos. Versions prior to commit fbde301b97986d5913fc4bc95f5445750d282e11 are vulnerable to path traversal. Users should upgrade to a version containing commit…

  • CVE-2018-25408 · High · May 30, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename…

  • CVE-2026-32847 · High · May 28, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in new_ui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /{full_path:path} endpoint. Attackers…

  • CVE-2026-3366 · High · May 27, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM InfoSphere Optim Test Data Fabrication 1.0.0, 1.0.0.1, 1.0.0.2, 1.0.2, 1.0.2.2, 1.0.2.3, 1.0.2.4, 1.0.2.5, 1.0.2.6, 1.0.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot"…

  • CVE-2026-40384 · High · May 26, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability.

  • CVE-2018-25374 · High · May 25, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse…

  • CVE-2018-25365 · High · May 25, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access…

  • CVE-2025-45145 · High · May 22, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    Directory traversal in Follett Software's Destiny Library Manager 22_0_2_rc1, fixed in v.22.5 AU1, allows remote attackers to read arbitrary system and application files via the image parameter.

  • CVE-2026-24209 · High · May 20, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service.

  • CVE-2026-29963 · High · May 18, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote…