VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Base · Stable · Likelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

  • CVE-2014-8871 · High · Aug 28, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier.

  • CVE-2017-12694 · High · Aug 25, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files.

  • CVE-2015-4180 · High · Aug 25, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2017-9511 · High · Aug 24, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.

  • CVE-2017-12938 · High · Aug 18, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.

  • CVE-2011-5325 · High · Aug 7, 2017
    risk 0.49 · cvss 7.5 · epss 0.07

    Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.

  • CVE-2017-10949 · High · Aug 4, 2017
    risk 0.49 · cvss 7.5 · epss 0.05

    Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459.

  • CVE-2017-11723 · High · Jul 29, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter.

  • CVE-2017-11658 · High · Jul 26, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack.

  • CVE-2017-11630 · High · Jul 26, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853.

  • CVE-2015-1847 · High · Jul 25, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. (dot dot) in a crafted URL.

  • CVE-2017-11587 · High · Jul 24, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversal in the filename parameter to the /download.conf URI.

  • CVE-2016-10400 · High · Jul 22, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack.

  • CVE-2017-11500 · High · Jul 20, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php.

  • CVE-2017-1000062 · High · Jul 17, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution

  • CVE-2017-1000026 · High · Jul 17, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries

  • CVE-2017-6681 · High · Jun 13, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information: CSCvc76662. Known…

  • CVE-2015-8235 · High · Jun 7, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    Directory traversal vulnerability in Spiffy before 5.4.

  • CVE-2015-7888 · High · Jun 7, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named…

  • CVE-2017-9428 · High · Jun 4, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\ sequences in the directory parameter.