CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 72 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14196 | Hig | 0.49 | 7.5 | 0.02 | Nov 30, 2017 | An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed. | ||
| CVE-2017-16762 | Hig | 0.49 | 7.5 | 0.02 | Nov 10, 2017 | Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring. | ||
| CVE-2017-11511 | Hig | 0.49 | 7.5 | 0.04 | Nov 8, 2017 | The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. | ||
| CVE-2014-0115 | Hig | 0.49 | 7.5 | 0.05 | Oct 30, 2017 | Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log. | ||
| CVE-2017-15805 | Hig | 0.49 | 7.5 | 0.02 | Oct 23, 2017 | Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files. | ||
| CVE-2017-10933 | Hig | 0.49 | 7.5 | 0.02 | Oct 19, 2017 | All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address. | ||
| CVE-2015-1429 | Hig | 0.49 | 7.5 | 0.02 | Oct 6, 2017 | Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 32-bit and 64-bit allows remote attackers to download arbitrary files via a .. (dot dot) in an unspecified parameter. | ||
| CVE-2017-15079 | Hig | 0.49 | 7.5 | 0.03 | Oct 6, 2017 | The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal. | ||
| CVE-2017-1577 | Hig | 0.49 | 7.5 | 0.03 | Sep 28, 2017 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117. | ||
| CVE-2017-14722 | Hig | 0.49 | 7.5 | 0.08 | Sep 23, 2017 | Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. | ||
| CVE-2017-10931 | Hig | 0.49 | 7.5 | 0.01 | Sep 19, 2017 | The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration. | ||
| CVE-2017-14514 | Hig | 0.49 | 7.5 | 0.02 | Sep 17, 2017 | Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL. | ||
| CVE-2017-14120 | Hig | 0.49 | 7.5 | 0.02 | Sep 3, 2017 | unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. | ||
| CVE-2017-13780 | Hig | 0.49 | 7.5 | 0.02 | Aug 30, 2017 | The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter. | ||
| CVE-2017-3163 | Hig | 0.49 | 7.5 | 0.07 | Aug 30, 2017 | When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special… | ||
| CVE-2016-8752 | Hig | 0.49 | 7.5 | 0.02 | Aug 29, 2017 | Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img. | ||
| CVE-2015-1876 | Hig | 0.49 | 7.5 | 0.03 | Aug 28, 2017 | Directory traversal vulnerability in ES File Explorer 3.2.4.1. | ||
| CVE-2015-1386 | Hig | 0.49 | 7.5 | 0.03 | Aug 28, 2017 | Directory traversal vulnerability in unshield 1.0-1. | ||
| CVE-2015-1199 | Hig | 0.49 | 7.5 | 0.02 | Aug 28, 2017 | Directory traversal vulnerability in ppmd 10.1-5. | ||
| CVE-2015-1198 | Hig | 0.49 | 7.5 | 0.03 | Aug 28, 2017 | Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5. |
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed.
- risk 0.49cvss 7.5epss 0.02
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.
- risk 0.49cvss 7.5epss 0.04
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
- risk 0.49cvss 7.5epss 0.05
Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.
- risk 0.49cvss 7.5epss 0.02
Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files.
- risk 0.49cvss 7.5epss 0.02
All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address.
- risk 0.49cvss 7.5epss 0.02
Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 32-bit and 64-bit allows remote attackers to download arbitrary files via a .. (dot dot) in an unspecified parameter.
- risk 0.49cvss 7.5epss 0.03
The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal.
- risk 0.49cvss 7.5epss 0.03
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117.
- risk 0.49cvss 7.5epss 0.08
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.
- risk 0.49cvss 7.5epss 0.01
The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.
- risk 0.49cvss 7.5epss 0.02
Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL.
- risk 0.49cvss 7.5epss 0.02
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.
- risk 0.49cvss 7.5epss 0.02
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter.
- risk 0.49cvss 7.5epss 0.07
When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special…
- risk 0.49cvss 7.5epss 0.02
Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img.
- risk 0.49cvss 7.5epss 0.03
Directory traversal vulnerability in ES File Explorer 3.2.4.1.
- risk 0.49cvss 7.5epss 0.03
Directory traversal vulnerability in unshield 1.0-1.
- risk 0.49cvss 7.5epss 0.02
Directory traversal vulnerability in ppmd 10.1-5.
- risk 0.49cvss 7.5epss 0.03
Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5.