VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 81 of 275
  • CVE-2024-42501HigSep 17, 2024
    risk 0.47cvss 7.2epss 0.01

    An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants.

  • CVE-2024-27178HigJun 14, 2024
    risk 0.47cvss 7.2epss 0.01

    An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying file name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability…

  • CVE-2024-27177HigJun 14, 2024
    risk 0.47cvss 7.2epss 0.01

    An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying package name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this…

  • CVE-2024-27176HigJun 14, 2024
    risk 0.47cvss 7.2epss 0.01

    An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying session ID variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability…

  • CVE-2024-35219HigMay 27, 2024
    risk 0.47cvss 8.3epss 0.04

    OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from…

  • CVE-2024-4347HigMay 23, 2024
    risk 0.47cvss 7.2epss 0.01

    The WP Fastest Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.6 via the specificDeleteCache function. This makes it possible for authenticated attackers to delete arbitrary files on the server, which can include…

  • CVE-2023-37385HigMay 17, 2024
    risk 0.47cvss 7.3epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting allows PHP Local File Inclusion.This issue affects Consulting: from n/a through 6.5.6.

  • CVE-2023-41877HigMar 20, 2024
    risk 0.47cvss 7.2epss 0.01

    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for…

  • CVE-2024-27121HigMar 12, 2024
    risk 0.47cvss 7.2epss 0.01

    Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary file in the affected product may be accessed or arbitrary code may be executed by processing a specially crafted request sent from a remote…

  • CVE-2023-46496HigDec 8, 2023
    risk 0.47cvss 8.3epss 0.01

    Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint.

  • CVE-2023-2435HigMay 31, 2023
    risk 0.47cvss 7.2epss 0.01

    The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.0 via a shortcode attribute. This allows editor-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP…

  • CVE-2022-39215HigSep 15, 2022
    risk 0.47cvss 8.3epss 0.01

    Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction…

  • CVE-2022-35920HigAug 1, 2022
    risk 0.47cvss 8.3epss 0.01

    Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this…

  • CVE-2022-1476MedMay 10, 2022
    risk 0.47cvss 6.6epss 0.47

    The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the ~/lib/model/class-ai1wm-backups.php file, in versions up to, and including, 7.58. This can be exploited by administrative…

  • CVE-2021-36031HigSep 1, 2021
    risk 0.47cvss 7.2epss 0.03

    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a Path Traversal vulnerability via the `theme[preview_image]` parameter. An attacker with admin privileges could leverage this vulnerability to achieve remote code…

  • CVE-2021-32803HigAug 3, 2021
    risk 0.47cvss 8.2epss 0.08

    The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not…

  • CVE-2019-19848HigDec 17, 2019
    risk 0.47cvss 7.2epss 0.01

    An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit…

  • CVE-2018-1000863HigDec 10, 2018
    risk 0.47cvss 8.2epss 0.07

    A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim…

  • CVE-2018-16320HigSep 1, 2018
    risk 0.47cvss 7.2epss 0.02

    idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file.

  • CVE-2017-16744HigAug 20, 2018
    risk 0.47cvss 7.2epss 0.06

    A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials.