VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 53 of 275
  • CVE-2024-53523HigDec 5, 2024
    risk 0.49cvss 7.5epss 0.01

    JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vulnerable to Directory Traversal in the find_by_file function.

  • CVE-2024-53490HigDec 5, 2024
    risk 0.49cvss 7.5epss 0.01

    Favorites-web 1.3.0 favorites-web has a directory traversal vulnerability in SecurityFilter.java.

  • CVE-2024-11952HigDec 4, 2024
    risk 0.49cvss 7.5epss 0.01

    The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above,…

  • CVE-2024-52481HigNov 28, 2024
    risk 0.49cvss 7.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Astoundify Jobify jobify allows Relative Path Traversal.This issue affects Jobify: from n/a through < 4.3.0.

  • CVE-2024-10803HigNov 23, 2024
    risk 0.49cvss 7.5epss 0.01

    The MP3 Sticky Player plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can…

  • CVE-2024-52449HigNov 20, 2024
    risk 0.49cvss 7.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Navneil Naicer Bootscraper allows PHP Local File Inclusion.This issue affects Bootscraper: from n/a through 2.1.0.

  • CVE-2024-52448HigNov 20, 2024
    risk 0.49cvss 7.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in webcodingplace Ultimate Classified Listings ultimate-classified-listings allows PHP Local File Inclusion.This issue affects Ultimate Classified Listings: from n/a through <= 1.7.

  • CVE-2024-52444HigNov 20, 2024
    risk 0.49cvss 7.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpopal Opal Woo Custom Product Variation opal-woo-custom-product-variation allows Path Traversal.This issue affects Opal Woo Custom Product Variation: from n/a through <= 1.1.3.

  • CVE-2024-52378HigNov 14, 2024
    risk 0.49cvss 7.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in labs64 DigiPass digipass allows Absolute Path Traversal.This issue affects DigiPass: from n/a through <= 0.3.0.

  • CVE-2024-47916HigNov 14, 2024
    risk 0.49cvss 7.5epss 0.01

    Boa web server - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

  • CVE-2024-45253HigNov 14, 2024
    risk 0.49cvss 7.5epss 0.01

    Avigilon – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

  • CVE-2024-10816HigNov 13, 2024
    risk 0.49cvss 7.5epss 0.01

    The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.24.01.24 via the js/fallback.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can…

  • CVE-2024-51998HigNov 8, 2024
    risk 0.49cvss 8.6epss 0.01

    changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and `ALLOW_FILE_URI`…

  • CVE-2024-51582HigNov 4, 2024
    risk 0.49cvss 7.5epss 0.01

    Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows PHP Local File Inclusion.This issue affects WP Hotel Booking: from n/a through <= 2.2.9.

  • CVE-2024-50453HigOct 28, 2024
    risk 0.49cvss 7.5epss 0.01

    Relative Path Traversal vulnerability in webangon The Pack Elementor addons the-pack-addon allows PHP Local File Inclusion.This issue affects The Pack Elementor addons: from n/a through <= 2.0.9.

  • CVE-2024-49287HigOct 17, 2024
    risk 0.49cvss 7.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in mh6webentwicklung PDF-Rechnungsverwaltung pdf-rechnungsverwaltung allows PHP Local File Inclusion.This issue affects PDF-Rechnungsverwaltung: from n/a through <= 0.0.1.

  • CVE-2024-49285HigOct 17, 2024
    risk 0.49cvss 7.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jeroen Berkvens SSV MailChimp ssv-mailchimp allows PHP Local File Inclusion.This issue affects SSV MailChimp: from n/a through <= 3.1.5.

  • CVE-2024-49245HigOct 16, 2024
    risk 0.49cvss 7.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in nahimsalami Ahime Image Printer ahime-image-printer.This issue affects Ahime Image Printer: from n/a through <= 1.0.0.

  • CVE-2024-47645HigOct 16, 2024
    risk 0.49cvss 7.5epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Danish Ali Malik Top Bar – PopUps – by WPOptin wpoptin allows PHP Local File Inclusion.This issue affects Top Bar – PopUps – by WPOptin: from n/a through <= 2.0.1.

  • CVE-2024-47351HigOct 16, 2024
    risk 0.49cvss 7.5epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The CSSIgniter Team MaxSlider maxslider allows Path Traversal.This issue affects MaxSlider: from n/a through <= 1.2.3.