CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 54 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-44034 | Hig | 0.49 | 7.5 | 0.01 | Oct 5, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Martin Greenwood WPSPX wpspx allows PHP Local File Inclusion.This issue affects WPSPX: from n/a through <= 1.0.2. | ||
| CVE-2024-44018 | Hig | 0.49 | 7.5 | 0.01 | Oct 5, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in istmoplugins Instant Chat Floating Button for WordPress Websites instant-chat-wp allows PHP Local File Inclusion.This issue affects Instant Chat Floating Button for WordPress… | ||
| CVE-2024-44016 | Hig | 0.49 | 7.5 | 0.01 | Oct 5, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in amarksteadman Podiant podiant allows PHP Local File Inclusion.This issue affects Podiant: from n/a through <= 1.1. | ||
| CVE-2024-44015 | Hig | 0.49 | 7.5 | 0.01 | Oct 5, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in istmoplugins Users Control users-control allows PHP Local File Inclusion.This issue affects Users Control: from n/a through <= 1.0.16. | ||
| CVE-2024-44013 | Hig | 0.49 | 7.5 | 0.01 | Oct 5, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Innate Images LLC VR Calendar vr-calendar-sync allows PHP Local File Inclusion.This issue affects VR Calendar: from n/a through <= 2.4.0. | ||
| CVE-2024-44012 | Hig | 0.49 | 7.5 | 0.01 | Oct 5, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpdev33 WP Newsletter Subscription wp-newsletter-subscription allows PHP Local File Inclusion.This issue affects WP Newsletter Subscription: from n/a through <= 1.1. | ||
| CVE-2024-44011 | Hig | 0.49 | 7.5 | 0.01 | Oct 5, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ExpressTech Systems WP Ticket Ultra Help Desk & Support Plugin wp-ticket-ultra allows PHP Local File Inclusion.This issue affects WP Ticket Ultra Help Desk & Support Plugin: from n/a… | ||
| CVE-2024-44017 | Hig | 0.49 | 7.5 | 0.01 | Oct 2, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MinHyeong Lim MH Board mh-board allows PHP Local File Inclusion.This issue affects MH Board: from n/a through <= 1.3.2.1. | ||
| CVE-2024-44825 | — | Hig | 0.49 | 7.5 | 0.01 | Sep 25, 2024 | Directory Traversal vulnerability in Centro de Tecnologia da Informaco Renato Archer InVesalius3 v3.1.99995 allows attackers to write arbitrary files unto the system via a crafted .inv3 file. | |
| CVE-2024-7609 | Hig | 0.49 | 7.5 | 0.01 | Sep 11, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vidco Software VOC TESTER allows Path Traversal. This issue affects VOC TESTER: before 12.34.8. | ||
| CVE-2024-6445 | Hig | 0.49 | 7.5 | 0.01 | Sep 6, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal. This issue affects DataDiodeX: from v3.0.0 before v3.1.7. | ||
| CVE-2024-43022 | Hig | 0.49 | 7.5 | 0.01 | Aug 21, 2024 | An issue in the downloader.php component of TOSEI online store management system v4.02, v4.03, and v4.04 allows attackers to execute a directory traversal. | ||
| CVE-2024-43345 | Hig | 0.49 | 7.5 | 0.01 | Aug 19, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PluginOps Landing Page Builder allows PHP Local File Inclusion.This issue affects Landing Page Builder: from n/a through 1.5.2.0. | ||
| CVE-2024-41695 | — | Hig | 0.49 | 7.5 | 0.01 | Jul 30, 2024 | Cybonet - CWE-22: Improper Limitation of a Pathname to a Restricted Directory | |
| CVE-2024-36527 | Med | 0.49 | 6.5 | 0.03 | Jun 17, 2024 | puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server. | ||
| CVE-2023-49753 | Hig | 0.49 | 7.5 | 0.01 | May 17, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spoonthemes Adifier System allows PHP Local File Inclusion.This issue affects Adifier System: from n/a before 3.1.4. | ||
| CVE-2023-35881 | Hig | 0.49 | 7.6 | 0.01 | May 17, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WooCommerce WooCommerce One Page Checkout allows PHP Local File Inclusion.This issue affects WooCommerce One Page Checkout: from n/a through 2.3.0. | ||
| CVE-2023-23700 | Hig | 0.49 | 7.6 | 0.01 | May 17, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OceanWP allows PHP Local File Inclusion.This issue affects OceanWP: from n/a through 3.4.1. | ||
| CVE-2023-40297 | Hig | 0.49 | 7.5 | 0.01 | May 15, 2024 | Stakater Forecastle 1.0.139 and before allows %5C../ directory traversal in the website component. | ||
| CVE-2024-34523 | Hig | 0.49 | 7.5 | 0.01 | May 7, 2024 | AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the… |
- risk 0.49cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Martin Greenwood WPSPX wpspx allows PHP Local File Inclusion.This issue affects WPSPX: from n/a through <= 1.0.2.
- risk 0.49cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in istmoplugins Instant Chat Floating Button for WordPress Websites instant-chat-wp allows PHP Local File Inclusion.This issue affects Instant Chat Floating Button for WordPress…
- risk 0.49cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in amarksteadman Podiant podiant allows PHP Local File Inclusion.This issue affects Podiant: from n/a through <= 1.1.
- risk 0.49cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in istmoplugins Users Control users-control allows PHP Local File Inclusion.This issue affects Users Control: from n/a through <= 1.0.16.
- risk 0.49cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Innate Images LLC VR Calendar vr-calendar-sync allows PHP Local File Inclusion.This issue affects VR Calendar: from n/a through <= 2.4.0.
- risk 0.49cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpdev33 WP Newsletter Subscription wp-newsletter-subscription allows PHP Local File Inclusion.This issue affects WP Newsletter Subscription: from n/a through <= 1.1.
- risk 0.49cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ExpressTech Systems WP Ticket Ultra Help Desk & Support Plugin wp-ticket-ultra allows PHP Local File Inclusion.This issue affects WP Ticket Ultra Help Desk & Support Plugin: from n/a…
- risk 0.49cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MinHyeong Lim MH Board mh-board allows PHP Local File Inclusion.This issue affects MH Board: from n/a through <= 1.3.2.1.
- risk 0.49cvss 7.5epss 0.01
Directory Traversal vulnerability in Centro de Tecnologia da Informaco Renato Archer InVesalius3 v3.1.99995 allows attackers to write arbitrary files unto the system via a crafted .inv3 file.
- risk 0.49cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vidco Software VOC TESTER allows Path Traversal. This issue affects VOC TESTER: before 12.34.8.
- risk 0.49cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal. This issue affects DataDiodeX: from v3.0.0 before v3.1.7.
- risk 0.49cvss 7.5epss 0.01
An issue in the downloader.php component of TOSEI online store management system v4.02, v4.03, and v4.04 allows attackers to execute a directory traversal.
- risk 0.49cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PluginOps Landing Page Builder allows PHP Local File Inclusion.This issue affects Landing Page Builder: from n/a through 1.5.2.0.
- risk 0.49cvss 7.5epss 0.01
Cybonet - CWE-22: Improper Limitation of a Pathname to a Restricted Directory
- risk 0.49cvss 6.5epss 0.03
puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server.
- risk 0.49cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spoonthemes Adifier System allows PHP Local File Inclusion.This issue affects Adifier System: from n/a before 3.1.4.
- risk 0.49cvss 7.6epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WooCommerce WooCommerce One Page Checkout allows PHP Local File Inclusion.This issue affects WooCommerce One Page Checkout: from n/a through 2.3.0.
- risk 0.49cvss 7.6epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OceanWP allows PHP Local File Inclusion.This issue affects OceanWP: from n/a through 3.4.1.
- risk 0.49cvss 7.5epss 0.01
Stakater Forecastle 1.0.139 and before allows %5C../ directory traversal in the website component.
- risk 0.49cvss 7.5epss 0.01
AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the…