VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Base · Stable · Likelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 63 of 275
  • CVE-2018-16820 · High · Sep 18, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests.

  • CVE-2018-17125 · High · Sep 17, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php.

  • CVE-2018-16774 · High · Sep 10, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete.

  • CVE-2018-16446 · High · Sep 4, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to be reinstalled by deleting install_lock.txt.

  • CVE-2018-16344 · High · Sep 2, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock.

  • CVE-2018-3787 · High · Aug 31, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Path traversal in simplehttpserver <v0.2.1 allows listing any file on the server.

  • CVE-2018-11720 · High · Aug 30, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Traversal.

  • CVE-2018-15810 · High · Aug 27, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Visiology Flipbox Software Suite before 2.7.0 allows directory traversal via %5c%2e%2e%2f because it does not sanitize filename parameters.

  • CVE-2018-15694 · High · Aug 27, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled.

  • CVE-2018-14429 · High · Aug 14, 2018
    risk 0.49 · cvss 7.5 · epss 0.04

    man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI.

  • CVE-2018-0617 · High · Jul 26, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Directory traversal vulnerability in ChamaNet MemoCGI v2.1800 to v2.2200 allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2018-13864 · High · Jul 17, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests.

  • CVE-2016-9484 · High · Jul 13, 2018
    risk 0.49 · cvss 7.5 · epss 0.04

    The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated…

  • CVE-2016-10726 · High · Jul 10, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI.

  • CVE-2013-3001 · High · Jul 9, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    Directory traversal vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to read arbitrary files via unspecified vectors. IBM X-Force ID: 84127.

  • CVE-2018-6830 · High · Jul 9, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    Directory traversal vulnerability in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1…

  • CVE-2018-11543 · High · Jul 9, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    A Local File Inclusion (LFI) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the downloading of arbitrary files via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to…

  • CVE-2018-3766 · High · Jul 5, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Path traversal in buttle module versions <= 0.2.0 allows reading any file on the server.

  • CVE-2018-11051 · High · Jul 3, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input…

  • CVE-2018-12631 · High · Jun 21, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal.