CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
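The following example is added here and is not code from the CWE page or from any of the products in the CVE listing. It puts a vulnerable resolver (decode, join, normalise, trust the result) beside a hardened one (decode until stable, fold backslashes, reject absolute paths and `..` segments, then `realpath` plus a `commonpath` containment check) and runs both over payloads built from the traversal sequences quoted in the CVE descriptions on this page: `../`, `..\`, `%5c%2e%2e%2f` and an absolute `/etc/passwd`. The uploads directory, the file names and the full payload strings around those sequences are constructed for the example.

```python
"""Added example for CWE-22; not code from the CWE page or from any product listed on it.

Two resolvers for the same job, "open the file under the uploads directory named in
the request": a vulnerable one that mirrors the pattern behind the CVEs on this page,
and a hardened one. The traversal sequences come from the CVE descriptions on the
page; the full payload strings, the uploads directory and the file names are
constructed for this example.
"""
import os
import tempfile
from urllib.parse import unquote

# Payloads built around the sequences quoted on the page (labels give the CVE).
PAYLOADS = {
    "CVE-2018-16774 (HongCMS, ../)": "../../../etc/passwd",
    "CVE-2018-17125 (CScms, ..\\)": "..\\..\\..\\etc\\passwd",
    "CVE-2018-15810 (Visiology, %5c%2e%2e%2f)": "%5c%2e%2e%2f%5c%2e%2e%2f%5c%2e%2e%2fetc/passwd",
    "CVE-2018-14429 (man-cgi, absolute path)": "/etc/passwd",
}


def vulnerable_resolve(base_dir: str, user_path: str) -> str:
    """CWE-22 as it usually looks: decode, join, trust the result.

    Normalising '.' and '..' is not a check; it carries the traversal out rather
    than stopping it, and os.path.join drops base_dir entirely when user_path is
    absolute. Backslashes are folded to '/' as a Windows server (or one that
    accepts both separators) would.
    """
    decoded = unquote(user_path).replace("\\", "/")
    return os.path.normpath(os.path.join(base_dir, decoded))


def safe_resolve(base_dir: str, user_path: str) -> str:
    """Canonicalise the request, then require containment; raise rather than 'fix'."""
    decoded = user_path
    for _ in range(3):                      # decode until stable (%252e -> %2e -> .)
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    decoded = decoded.replace("\\", "/")    # treat backslash as a separator too
    if "\x00" in decoded or decoded.startswith("/") or (len(decoded) > 1 and decoded[1] == ":"):
        raise ValueError("absolute path, drive letter or NUL byte rejected")
    segments = [s for s in decoded.split("/") if s not in ("", ".")]
    if ".." in segments:                    # lexical check: no climbing at all
        raise ValueError("'..' segment rejected")
    # Filesystem check: a symlink inside base_dir can still point outside it, so
    # resolve and compare real paths instead of trusting the cleaned string.
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, *segments))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"{candidate} is outside {root}")
    return candidate


def run_demo() -> dict:
    """Build a throwaway uploads directory and run every payload through both resolvers.

    Returns {label: (vulnerable_escaped, safe_rejected)} for each payload and for
    'symlink' (a link inside uploads that leads above it), plus
    'benign': (vulnerable_accepted, safe_accepted) for an ordinary file name.
    """
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        uploads = os.path.join(tmp, "uploads")
        os.makedirs(uploads)
        with open(os.path.join(uploads, "report.txt"), "w") as fh:
            fh.write("constructed sample upload\n")          # constructed file
        root = os.path.realpath(uploads)
        os.symlink(tmp, os.path.join(uploads, "link"))        # points one level above uploads

        cases = dict(PAYLOADS)
        cases["symlink"] = "link/report.txt"                  # no '..' at all, still escapes
        for label, payload in cases.items():
            target = os.path.realpath(vulnerable_resolve(uploads, payload))
            escaped = os.path.commonpath([root, target]) != root
            try:
                safe_resolve(uploads, payload)
                rejected = False
            except ValueError:
                rejected = True
            results[label] = (escaped, rejected)

        results["benign"] = (
            vulnerable_resolve(uploads, "report.txt") == os.path.join(uploads, "report.txt"),
            safe_resolve(uploads, "report.txt") == os.path.join(root, "report.txt"),
        )
    return results


if __name__ == "__main__":
    for label, (first, second) in run_demo().items():
        print(f"{label:45} {first} {second}")
```

Run it directly to print one line per case. The symlink case is the reason for the filesystem check after the lexical one: a request string with no `..` in it can still resolve outside the base directory, which is also why merely normalising the string, as the vulnerable resolver does, is not a defence. Payloads like the Monstra entry's `.......//./` are aimed at filters that strip or rewrite pieces of the raw string; checking the canonical path after all decoding, as here, sidesteps that whole class.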
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 63 of 275

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-16820 |  | High | 0.49 | 7.5 | 0.02 |  | Sep 18, 2018 | admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests. |
| CVE-2018-17125 |  | High | 0.49 | 7.5 | 0.01 |  | Sep 17, 2018 | CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php. |
| CVE-2018-16774 |  | High | 0.49 | 7.5 | 0.02 |  | Sep 10, 2018 | HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete. |
| CVE-2018-16446 |  | High | 0.49 | 7.5 | 0.02 |  | Sep 4, 2018 | An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to be reinstalled by deleting install_lock.txt. |
| CVE-2018-16344 |  | High | 0.49 | 7.5 | 0.02 |  | Sep 2, 2018 | An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock. |
| CVE-2018-3787 | — | High | 0.49 | 7.5 | 0.02 |  | Aug 31, 2018 | Path traversal in simplehttpserver <v0.2.1 allows listing any file on the server. |
| CVE-2018-11720 |  | High | 0.49 | 7.5 | 0.02 |  | Aug 30, 2018 | Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Traversal. |
| CVE-2018-15810 |  | High | 0.49 | 7.5 | 0.02 |  | Aug 27, 2018 | Visiology Flipbox Software Suite before 2.7.0 allows directory traversal via %5c%2e%2e%2f because it does not sanitize filename parameters. |
| CVE-2018-15694 |  | High | 0.49 | 7.5 | 0.02 |  | Aug 27, 2018 | ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled. |
| CVE-2018-14429 | — | High | 0.49 | 7.5 | 0.04 |  | Aug 14, 2018 | man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI. |
| CVE-2018-0617 |  | High | 0.49 | 7.5 | 0.02 |  | Jul 26, 2018 | Directory traversal vulnerability in ChamaNet MemoCGI v2.1800 to v2.2200 allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2018-13864 | — | High | 0.49 | 7.5 | 0.03 |  | Jul 17, 2018 | A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests. |
| CVE-2016-9484 |  | High | 0.49 | 7.5 | 0.04 |  | Jul 13, 2018 | The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated… |
| CVE-2016-10726 | — | High | 0.49 | 7.5 | 0.03 |  | Jul 10, 2018 | The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI. |
| CVE-2013-3001 |  | High | 0.49 | 7.5 | 0.03 |  | Jul 9, 2018 | Directory traversal vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to read arbitrary files via unspecified vectors. IBM X-Force ID: 84127. |
| CVE-2018-6830 |  | High | 0.49 | 7.5 | 0.03 |  | Jul 9, 2018 | Directory traversal vulnerability in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1… |
| CVE-2018-11543 |  | High | 0.49 | 7.5 | 0.02 |  | Jul 9, 2018 | A Local File Inclusion (LFI) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the downloading of arbitrary files via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to… |
| CVE-2018-3766 |  | High | 0.49 | 7.5 | 0.02 |  | Jul 5, 2018 | Path traversal in buttle module versions <= 0.2.0 allows to read any file in the server. |
| CVE-2018-11051 |  | High | 0.49 | 7.5 | 0.03 |  | Jul 3, 2018 | RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input… |
| CVE-2018-12631 |  | High | 0.49 | 7.5 | 0.03 |  | Jun 21, 2018 | Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal. |