VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 80 of 275
  • CVE-2025-59890HigNov 27, 2025
    risk 0.47cvss 7.3epss 0.00

    Improper input sanitization in the file archives upload functionality of Eaton Galileo software allows traversing paths which could lead into an attacker with local access to execute unauthorized code or commands. This security issue has been fixed in the latest version of…

  • CVE-2025-13262HigNov 17, 2025
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the…

  • CVE-2025-11565HigNov 12, 2025
    risk 0.47cvss epss 0.00

    CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST /REST/UpdateJRE request payload.

  • CVE-2025-61941HigOct 15, 2025
    risk 0.47cvss 7.2epss 0.00

    A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. Arbitrary file may be altered by an administrative user who logs in to the affected product. Moreover, arbitrary OS command may be executed via some file alteration.

  • CVE-2025-34248HigOct 9, 2025
    risk 0.47cvss epss 0.01

    D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList parameter. This can allow an authenticated attacker to delete arbitrary files…

  • CVE-2025-10951HigSep 25, 2025
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was identified in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this vulnerability is the function log_handler of the file ml_logger/server.py. Such manipulation of the argument File leads to path traversal. It is possible to launch…

  • CVE-2025-10176HigSep 12, 2025
    risk 0.47cvss 7.2epss 0.01

    The The Hack Repair Guy's Plugin Archiver plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the prepare_items function in all versions up to, and including, 2.0.4. This makes it possible for authenticated attackers, with…

  • CVE-2025-54926HigAug 20, 2025
    risk 0.47cvss 7.2epss 0.01

    CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets executed.

  • CVE-2025-8815HigAug 10, 2025
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was found in 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. It has been classified as critical. Affected is an unknown function of the file /index of the component Shiro Configuration. The manipulation leads to path traversal. It is possible to…

  • CVE-2025-6776HigJun 27, 2025
    risk 0.47cvss 7.3epss 0.01

    A vulnerability classified as critical was found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This vulnerability affects the function Upload of the file app/plugins/oss/app/controller.py of the component File Upload. The manipulation of the argument image leads to path…

  • CVE-2025-6772HigJun 27, 2025
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical. Affected is the function import_flow of the file /api/v2/serve/awel/flow/import. The manipulation of the argument File leads to path traversal. It is possible to launch the attack…

  • CVE-2025-23092HigJun 23, 2025
    risk 0.47cvss 7.2epss 0.01

    Mitel OpenScape Accounting Management through V5 R1.1.0 could allow an authenticated attacker with administrative privileges to conduct a path traversal attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to upload arbitrary files…

  • CVE-2025-5740HigJun 10, 2025
    risk 0.47cvss 7.2epss 0.01

    CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file writes when an authenticated user on the web server manipulates file path.

  • CVE-2024-13914HigMay 15, 2025
    risk 0.47cvss 7.2epss 0.01

    The File Manager Advanced Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 (file-manager-advanced-shortcode) and 2.5.6 (advanced-file-manager-pro-premium), via the 'file_manager_advanced' shortcode. This makes it…

  • CVE-2025-3300HigApr 24, 2025
    risk 0.47cvss 7.2epss 0.01

    The WPMasterToolKit (WPMTK) – All in one plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to read and modify the contents…

  • CVE-2024-7034HigMar 20, 2025
    risk 0.47cvss 7.2epss 0.02

    In open-webui version 0.3.8, the endpoint `/models/upload` is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of `file_path = f"{UPLOAD_DIR}/{file.filename}"` without proper input validation or…

  • CVE-2025-24494HigMar 5, 2025
    risk 0.47cvss 7.2epss 0.01

    Path traversal may allow remote code execution using privileged account (requires device admin account, cannot be performed by a regular user). In combination with the 'Upload' functionality this could be used to execute an arbitrary script or possibly an uploaded binary.…

  • CVE-2024-7037HigOct 9, 2024
    risk 0.47cvss 7.2epss 0.01

    In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vulnerability allows attackers to overwrite and delete system files, potentially…

  • CVE-2024-44030HigOct 2, 2024
    risk 0.47cvss 7.2epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mestres do WP Checkout Mestres WP checkout-mestres-wp allows Absolute Path Traversal.This issue affects Checkout Mestres WP: from n/a through <= 8.6.

  • CVE-2024-46987HigSep 18, 2024
    risk 0.47cvss 7.7epss 0.15

    Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on…