VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Abstraction: Base · Status: Stable · Likelihood of exploit: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
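Worked example, added to this page and not code from CWE or from any product listed below. It shows the unsafe join that produces this weakness next to a containment check that canonicalizes the path (following symlinks) and requires it to stay under the restricted directory, then reuses that check to screen archive entries before extraction, the "zip slip" variant of the same weakness. The directory names, the constructed sample archive and the helper function names are illustrative assumptions.

```python
import io
import os
import tempfile
import zipfile


def vulnerable_join(base_dir, user_supplied):
    # The pattern behind most CWE-22 findings: a trusted base directory plus
    # an untrusted name, with no check on where the result lands. os.path.join
    # drops base_dir entirely when user_supplied is absolute, and '..'
    # segments walk out of it. Kept here only as the 'before' case.
    return os.path.join(base_dir, user_supplied)


def safe_join(base_dir, user_supplied):
    """Return the canonical absolute path of user_supplied inside base_dir,
    or raise ValueError if it would resolve anywhere else."""
    if not isinstance(user_supplied, str) or "\x00" in user_supplied:
        raise ValueError("invalid path component")
    # Absolute path traversal: refuse before joining, because join would
    # silently discard base_dir.
    if os.path.isabs(user_supplied) or os.path.splitdrive(user_supplied)[0]:
        raise ValueError("absolute path not allowed: %r" % user_supplied)
    base = os.path.realpath(base_dir)
    # realpath collapses '.' and '..' and follows symlinks, so the check
    # below sees the location the OS would actually open, including a
    # symlink inside base_dir that points outside it.
    candidate = os.path.realpath(os.path.join(base, user_supplied))
    # commonpath, not startswith: '/srv/files2' starts with '/srv/files'
    # but is not inside it.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes %s: %r" % (base, user_supplied))
    return candidate


def is_contained(base_dir, user_supplied):
    """Boolean form of safe_join for callers that only need yes/no."""
    try:
        safe_join(base_dir, user_supplied)
        return True
    except ValueError:
        return False


def unsafe_archive_entries(archive_bytes, dest_dir):
    """Names of ZIP entries that would be written outside dest_dir.
    Extract only if this returns an empty list."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if not is_contained(dest_dir, info.filename):
                bad.append(info.filename)
    return bad


def build_sample_archive():
    # Constructed sample archive (assumption, not a real payload): one benign
    # entry and one entry carrying a '../' traversal, the shape of zip slip.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes/readme.txt", b"benign")
        zf.writestr("../../.ssh/authorized_keys", b"ssh-ed25519 AAAA attacker")
    return buf.getvalue()


def symlink_escape_detected():
    """True if safe_join rejects 'link/target' when 'link' is a symlink
    inside the base directory that points outside it."""
    with tempfile.TemporaryDirectory() as base, tempfile.TemporaryDirectory() as outside:
        os.symlink(outside, os.path.join(base, "link"))
        return not is_contained(base, "link/target")


if __name__ == "__main__":
    print("unsafe:", vulnerable_join("/srv/files", "../../etc/passwd"))
    for name in ("docs/readme.txt", "../../etc/passwd", "/etc/passwd"):
        try:
            print("allowed:", safe_join("/srv/files", name))
        except ValueError as exc:
            print("rejected:", exc)
    print("unsafe entries:", unsafe_archive_entries(build_sample_archive(), "/srv/extract"))
    print("symlink escape detected:", symlink_escape_detected())
```

The check is on the resolved path, so a symlink planted inside the directory is caught, but it is still a check-then-use: a link swapped in between the check and the open is not. Where that matters, open relative to a directory file descriptor with O_NOFOLLOW (or an equivalent such as openat2 with RESOLVE_BENEATH on Linux) rather than by string path. Run the check on the fully decoded input (after URL or unicode decoding), and treat rejecting any '..' segment outright as a defensible stricter policy than the one shown here.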

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488 in total; this listing is page 76 of 275)
  • CVE-2016-6371 · High · Sep 12, 2016
    risk 0.49 · cvss 7.5 · epss 0.05

    Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717.

  • CVE-2016-5049 · High · Aug 26, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk 9.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the SESID parameter in conjunction with a filename in the FNAME parameter.

  • CVE-2016-1429 · High · Aug 8, 2016
    risk 0.49 · cvss 7.5 · epss 0.07

    Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuz43023.

  • CVE-2016-6232 · High · Aug 2, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.

  • CVE-2016-4815 · High · Jun 19, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2016-4814 · High · Jun 19, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Directory traversal vulnerability in kml2jsonp.php in Geospatial Information Authority of Japan (aka GSI) Old_GSI_Maps before January 2015 on Windows allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2016-2289 · High · Apr 1, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors.

  • CVE-2016-1145 · High · Jan 30, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2015-6833 · High · Jan 19, 2016
    risk 0.49 · cvss 7.5 · epss 0.05

    Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.

  • CVE-2016-0855 · High · Jan 15, 2016
    risk 0.49 · cvss 7.5 · epss 0.05

    Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors.

  • CVE-2015-2875 · High · Dec 31, 2015
    risk 0.49 · cvss 7.5 · epss 0.03

    Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download…

  • CVE-2008-3939 · High · Sep 5, 2008
    risk 0.49 · cvss 7.5 · epss 0.02

    Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.

  • CVE-2007-3967 · High · Jul 25, 2007
    risk 0.49 · cvss 7.5 · epss 0.02

    Directory traversal vulnerability in index.php in PHP Directory Lister (dirLIST) before 0.1.1 allows remote attackers to list the contents of a parent directory via a .. (dot dot) in the folder parameter.

  • CVE-2026-42881 · High · May 14, 2026
    risk 0.48 · cvss (not listed) · epss 0.00

    STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution (LCE) with the privileges of the user running STIGQter. This requires user interaction: the victim must open the malicious .stigqter file…

  • CVE-2026-43989 · High · May 12, 2026
    risk 0.48 · cvss 8.5 · epss 0.00

    JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload_wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format.…

  • CVE-2026-43940 · High · May 8, 2026
    risk 0.48 · cvss 8.4 · epss 0.00

    electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.16, the runWidget function in src/app/widgets/load-widget.js constructs a file path by directly concatenating user‑supplied widget identifiers without any…

  • CVE-2026-35570 · High · Apr 21, 2026
    risk 0.48 · cvss 8.4 · epss 0.00

    OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Versions prior to 0.5.1 have a logic flaw in `bashToolHasPermission()` inside `src/tools/BashTool/bashPermissions.ts`. When the sandbox auto-allow feature is active and no…

  • CVE-2026-33747 · High · Mar 27, 2026
    risk 0.48 · cvss 8.4 · epss 0.01

    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit…

  • CVE-2025-66300 · High · Dec 1, 2025
    risk 0.48 · cvss 8.5 · epss 0.00

    Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a low-privilege user account with page editing privilege can read any server files using the "Frontmatter" form. This includes Grav user account files (/grav/user/accounts/*.yaml), which store hashed user password, 2FA…

  • CVE-2025-55201 · High · Aug 18, 2025
    risk 0.48 · cvss (not listed) · epss 0.00

    Copier is a library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the…