VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 70 of 275
  • CVE-2017-16036HigJun 4, 2018
    risk 0.49cvss 7.5epss 0.02

    `badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `badjs-sourcemap-server` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16029HigJun 4, 2018
    risk 0.49cvss 7.5epss 0.02

    hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outside the current directory by sending `../` in the url path for GET requests.

  • CVE-2014-10066HigMay 31, 2018
    risk 0.49cvss 7.5epss 0.02

    Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory.

  • CVE-2018-3734HigMay 29, 2018
    risk 0.49cvss 7.5epss 0.02

    stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path.

  • CVE-2017-16153HigMay 29, 2018
    risk 0.49cvss 7.5epss 0.02

    gaoxuyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2018-7503HigMay 15, 2018
    risk 0.49cvss 7.5epss 0.03

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified,…

  • CVE-2018-7495HigMay 15, 2018
    risk 0.49cvss 7.5epss 0.02

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability…

  • CVE-2018-0588HigMay 14, 2018
    risk 0.49cvss 7.5epss 0.03

    Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2017-18263HigApr 28, 2018
    risk 0.49cvss 7.5epss 0.04

    Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url.

  • CVE-2014-10073HigApr 20, 2018
    risk 0.49cvss 7.5epss 0.02

    The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory.

  • CVE-2018-10122HigApr 16, 2018
    risk 0.49cvss 7.5epss 0.02

    QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhieps) pro1.6 allows remote attackers to read arbitrary files via directory traversal sequences in the pathname parameter to www/file.php.

  • CVE-2018-10083HigApr 13, 2018
    risk 0.49cvss 7.5epss 0.02

    CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\FilePicker does not restrict the val parameter.

  • CVE-2018-9851HigApr 8, 2018
    risk 0.49cvss 7.5epss 0.02

    In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence.

  • CVE-2018-9850HigApr 8, 2018
    risk 0.49cvss 7.5epss 0.02

    In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request.

  • CVE-2018-9331HigApr 7, 2018
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock.

  • CVE-2018-8969HigMar 24, 2018
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.

  • CVE-2018-8968HigMar 24, 2018
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.

  • CVE-2018-8965HigMar 24, 2018
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.

  • CVE-2018-1211HigMar 23, 2018
    risk 0.49cvss 7.5epss 0.03

    Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings…

  • CVE-2018-0542HigMar 22, 2018
    risk 0.49cvss 7.5epss 0.02

    Directory traversal vulnerability in WebProxy version 1.7.8 allows an attacker to read arbitrary files via unspecified vectors.