VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Abstraction: Base · Status: Stable · Likelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 5 of 275
  • CVE-2015-5473 · Critical · Jun 1, 2017
    risk 0.65 · cvss 9.8 · epss 0.13

    Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified…

  • CVE-2016-8205 · Critical · Jan 14, 2017
    risk 0.65 · cvss 9.8 · epss 0.13

    A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.

  • CVE-2016-1525 · High · Feb 13, 2016
    risk 0.65 · cvss 8.6 · epss 0.75

    Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.

  • CVE-2014-0130 · High · KEV · May 7, 2014
    risk 0.65 · cvss 7.5 · epss 0.54

    Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to…

  • CVE-2012-6069 · Critical · Jan 21, 2013
    risk 0.65 · cvss 10.0 · epss 0.03

    The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the …

  • CVE-2026-49766 · Critical · Jun 15, 2026
    risk 0.64 · cvss 9.9 · epss 0.01

    Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions.

  • CVE-2026-50869 · Critical · Jun 15, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    An issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted request.

  • CVE-2026-45556 · Critical · Jun 10, 2026
    risk 0.64 · cvss 9.9 · epss 0.00

    Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf//<server_ip>/rule/<rule_id>/save accepts a config_file_name form field that is passed straight through to…

  • CVE-2026-11420 · Critical · Jun 5, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No…

  • CVE-2026-11414 · Critical · Jun 5, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and…

  • CVE-2019-25727 · Critical · Jun 4, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=export_csv and a…

  • CVE-2026-9559 · Critical · May 29, 2026
    risk 0.64 · cvss 9.9 · epss 0.01

    A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import…

  • CVE-2026-42757 · Critical · May 27, 2026
    risk 0.64 · cvss 9.9 · epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traversal. This issue affects WebinarIgnition: from n/a through < 4.08.253.

  • CVE-2026-42756 · Critical · May 27, 2026
    risk 0.64 · cvss 9.9 · epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp allows Path Traversal. This issue affects QuickWebP – Compress / Optimize…

  • CVE-2026-40383 · Critical · May 26, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    An improper validation of user-supplied input leads to a local file inclusion vulnerability.

  • CVE-2025-71211 · Critical · May 21, 2026
    risk 0.64 · cvss 9.8 · epss 0.04

    A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different executable. Please note:…

  • CVE-2025-71210 · Critical · May 21, 2026
    risk 0.64 · cvss 9.8 · epss 0.04

    A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via…

  • CVE-2026-36829 · Critical · May 19, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing…

  • CVE-2026-37531 · Critical · May 1, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. The is_valid_filename function in wgtpkg-zip.c validates ZIP entry names but does not check for dot…

  • CVE-2026-40050 · Critical · Apr 21, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM…