CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 58 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-35881 | Hig | 0.49 | 7.6 | 0.01 | May 17, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WooCommerce WooCommerce One Page Checkout allows PHP Local File Inclusion.This issue affects WooCommerce One Page Checkout: from n/a through 2.3.0. | ||
| CVE-2023-23700 | Hig | 0.49 | 7.6 | 0.01 | May 17, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OceanWP allows PHP Local File Inclusion.This issue affects OceanWP: from n/a through 3.4.1. | ||
| CVE-2023-40297 | Hig | 0.49 | 7.5 | 0.01 | May 15, 2024 | Stakater Forecastle 1.0.139 and before allows %5C../ directory traversal in the website component. | ||
| CVE-2024-34523 | Hig | 0.49 | 7.5 | 0.01 | May 7, 2024 | AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the… | ||
| CVE-2024-33274 | Hig | 0.49 | 7.5 | 0.01 | Apr 30, 2024 | Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php | ||
| CVE-2023-45385 | Hig | 0.49 | 7.5 | 0.01 | Apr 30, 2024 | ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Directory Traversal via the pqprintshippinglabels module. | ||
| CVE-2024-31801 | Hig | 0.49 | 7.5 | 0.01 | Apr 29, 2024 | Directory Traversal vulnerability in NEXSYS-ONE before v.Rev.15320 allows a remote attacker to obtain sensitive information via a crafted request. | ||
| CVE-2023-47843 | Hig | 0.49 | 7.6 | 0.01 | Apr 18, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0. | ||
| CVE-2024-1594 | Hig | 0.49 | 7.5 | 0.01 | Apr 16, 2024 | A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the `artifact_location` parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component `#` in the artifact location URI to… | ||
| CVE-2024-1593 | Hig | 0.49 | 7.5 | 0.01 | Apr 16, 2024 | A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files… | ||
| CVE-2024-1558 | Hig | 0.49 | 7.5 | 0.01 | Apr 16, 2024 | A path traversal vulnerability exists in the `_create_model_version()` function within `server/handlers.py` of the mlflow/mlflow repository, due to improper validation of the `source` parameter. Attackers can exploit this vulnerability by crafting a `source` parameter that… | ||
| CVE-2024-1483 | Hig | 0.49 | 7.5 | 0.03 | Apr 16, 2024 | A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '#' instead of… | ||
| CVE-2024-1728 | Hig | 0.49 | 7.5 | 0.85 | Apr 10, 2024 | gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating… | ||
| CVE-2024-31978 | — | Hig | 0.49 | 7.6 | 0.00 | Apr 9, 2024 | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download files from the… | |
| CVE-2024-27575 | Hig | 0.49 | 7.5 | 0.01 | Apr 4, 2024 | INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a remote attacker to read arbitrary files via absolute path traversal, such as with the /cgi-bin/display?file=/etc/passwd URI. | ||
| CVE-2021-31156 | Hig | 0.49 | 7.5 | 0.01 | Mar 28, 2024 | Allied Telesis AT-S115 1.2.0 devices before 1.00.024 with Boot Loader 1.00.006 allow Directory Traversal to achieve partial access to data. | ||
| CVE-2024-25136 | Hig | 0.49 | 7.5 | 0.01 | Mar 26, 2024 | There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content. | ||
| CVE-2023-40747 | Hig | 0.49 | 7.5 | 0.01 | Mar 18, 2024 | Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot. | ||
| CVE-2024-23904 | Hig | 0.49 | 7.5 | 0.01 | Jan 24, 2024 | Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins… | ||
| CVE-2023-52289 | — | Hig | 0.49 | 7.5 | 0.01 | Jan 13, 2024 | An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to write to arbitrary files. |
- risk 0.49cvss 7.6epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WooCommerce WooCommerce One Page Checkout allows PHP Local File Inclusion.This issue affects WooCommerce One Page Checkout: from n/a through 2.3.0.
- risk 0.49cvss 7.6epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OceanWP allows PHP Local File Inclusion.This issue affects OceanWP: from n/a through 3.4.1.
- risk 0.49cvss 7.5epss 0.01
Stakater Forecastle 1.0.139 and before allows %5C../ directory traversal in the website component.
- risk 0.49cvss 7.5epss 0.01
AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the…
- risk 0.49cvss 7.5epss 0.01
Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php
- risk 0.49cvss 7.5epss 0.01
ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Directory Traversal via the pqprintshippinglabels module.
- risk 0.49cvss 7.5epss 0.01
Directory Traversal vulnerability in NEXSYS-ONE before v.Rev.15320 allows a remote attacker to obtain sensitive information via a crafted request.
- risk 0.49cvss 7.6epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0.
- risk 0.49cvss 7.5epss 0.01
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the `artifact_location` parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component `#` in the artifact location URI to…
- risk 0.49cvss 7.5epss 0.01
A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files…
- risk 0.49cvss 7.5epss 0.01
A path traversal vulnerability exists in the `_create_model_version()` function within `server/handlers.py` of the mlflow/mlflow repository, due to improper validation of the `source` parameter. Attackers can exploit this vulnerability by crafting a `source` parameter that…
- risk 0.49cvss 7.5epss 0.03
A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '#' instead of…
- risk 0.49cvss 7.5epss 0.85
gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating…
- risk 0.49cvss 7.6epss 0.00
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download files from the…
- risk 0.49cvss 7.5epss 0.01
INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a remote attacker to read arbitrary files via absolute path traversal, such as with the /cgi-bin/display?file=/etc/passwd URI.
- risk 0.49cvss 7.5epss 0.01
Allied Telesis AT-S115 1.2.0 devices before 1.00.024 with Boot Loader 1.00.006 allow Directory Traversal to achieve partial access to data.
- risk 0.49cvss 7.5epss 0.01
There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content.
- risk 0.49cvss 7.5epss 0.01
Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot.
- risk 0.49cvss 7.5epss 0.01
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to write to arbitrary files.