VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 58 of 275
  • CVE-2023-35881HigMay 17, 2024
    risk 0.49cvss 7.6epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WooCommerce WooCommerce One Page Checkout allows PHP Local File Inclusion.This issue affects WooCommerce One Page Checkout: from n/a through 2.3.0.

  • CVE-2023-23700HigMay 17, 2024
    risk 0.49cvss 7.6epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OceanWP allows PHP Local File Inclusion.This issue affects OceanWP: from n/a through 3.4.1.

  • CVE-2023-40297HigMay 15, 2024
    risk 0.49cvss 7.5epss 0.01

    Stakater Forecastle 1.0.139 and before allows %5C../ directory traversal in the website component.

  • CVE-2024-34523HigMay 7, 2024
    risk 0.49cvss 7.5epss 0.01

    AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the…

  • CVE-2024-33274HigApr 30, 2024
    risk 0.49cvss 7.5epss 0.01

    Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php

  • CVE-2023-45385HigApr 30, 2024
    risk 0.49cvss 7.5epss 0.01

    ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Directory Traversal via the pqprintshippinglabels module.

  • CVE-2024-31801HigApr 29, 2024
    risk 0.49cvss 7.5epss 0.01

    Directory Traversal vulnerability in NEXSYS-ONE before v.Rev.15320 allows a remote attacker to obtain sensitive information via a crafted request.

  • CVE-2023-47843HigApr 18, 2024
    risk 0.49cvss 7.6epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0.

  • CVE-2024-1594HigApr 16, 2024
    risk 0.49cvss 7.5epss 0.01

    A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the `artifact_location` parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component `#` in the artifact location URI to…

  • CVE-2024-1593HigApr 16, 2024
    risk 0.49cvss 7.5epss 0.01

    A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files…

  • CVE-2024-1558HigApr 16, 2024
    risk 0.49cvss 7.5epss 0.01

    A path traversal vulnerability exists in the `_create_model_version()` function within `server/handlers.py` of the mlflow/mlflow repository, due to improper validation of the `source` parameter. Attackers can exploit this vulnerability by crafting a `source` parameter that…

  • CVE-2024-1483HigApr 16, 2024
    risk 0.49cvss 7.5epss 0.03

    A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '#' instead of…

  • CVE-2024-1728HigApr 10, 2024
    risk 0.49cvss 7.5epss 0.85

    gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating…

  • CVE-2024-31978HigApr 9, 2024
    risk 0.49cvss 7.6epss 0.00

    A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download files from the…

  • CVE-2024-27575HigApr 4, 2024
    risk 0.49cvss 7.5epss 0.01

    INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a remote attacker to read arbitrary files via absolute path traversal, such as with the /cgi-bin/display?file=/etc/passwd URI.

  • CVE-2021-31156HigMar 28, 2024
    risk 0.49cvss 7.5epss 0.01

    Allied Telesis AT-S115 1.2.0 devices before 1.00.024 with Boot Loader 1.00.006 allow Directory Traversal to achieve partial access to data.

  • CVE-2024-25136HigMar 26, 2024
    risk 0.49cvss 7.5epss 0.01

    There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content.

  • CVE-2023-40747HigMar 18, 2024
    risk 0.49cvss 7.5epss 0.01

    Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot.

  • CVE-2024-23904HigJan 24, 2024
    risk 0.49cvss 7.5epss 0.01

    Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins…

  • CVE-2023-52289HigJan 13, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to write to arbitrary files.