VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Base · Stable · Likelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

  • CVE-2018-1000550 · Cri · Jun 26, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in the possibility to create or modify files on the server filesystem. This attack appears to be exploitable via HTTP…

  • CVE-2018-11141 · Cri · May 31, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the…

  • CVE-2018-3744 · Cri · May 29, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    The html-pages node module contains a path traversal vulnerability that allows an attacker to read any file from the server with cURL.

  • CVE-2017-9664 · Cri · May 24, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP…

  • CVE-2018-11248 · Cri · May 18, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an attachment's name. If an attacker places "../" in the file name, the file can be stored in an unintended directory because of Directory Traversal.

  • CVE-2018-10589 · Cri · May 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path traversal vulnerability has been identified,…

  • CVE-2018-5337 · Cri · Apr 18, 2018
    risk 0.64 · cvss 9.8 · epss 0.10

    An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts.

  • CVE-2018-7539 · Cri · Apr 17, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request (such as GET /../../../../../../../../../../../../etc/passwd) to the web server (fuzzd/0.1.1) running the Maintenance Center on port TCP/8088.…

  • CVE-2018-3822 · Cri · Mar 30, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with…

  • CVE-2018-8712 · Cri · Mar 14, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to…

  • CVE-2017-14804 · Cri · Mar 1, 2018
    risk 0.64 · cvss 9.9 · epss 0.02

    The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system, allowing escape out of buildroots.

  • CVE-2017-17108 · Cri · Feb 3, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    Path traversal vulnerability in the administrative panel in KonaKart eCommerce Platform version 8.7 and earlier could allow an attacker to download system files, as well as upload specially crafted JSP files and in turn gain access to the server.

  • CVE-2017-16610 · Cri · Jan 23, 2018
    risk 0.64 · cvss 9.8 · epss 0.05

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within upload_save_do.jsp. The issue results from the lack of…

  • CVE-2017-17992 · Cri · Dec 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action.

  • CVE-2015-7669 · Cri · Dec 27, 2017
    risk 0.64 · cvss 9.8 · epss 0.07

    Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file…

  • CVE-2017-17671 · Cri · Dec 14, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is…

  • CVE-2017-15607 · Cri · Dec 1, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181.

  • CVE-2017-16903 · Cri · Nov 20, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php.

  • CVE-2017-9367 · Cri · Oct 16, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request.

  • CVE-2017-7974 · Cri · Sep 26, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files.