VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 91 of 275
  • CVE-2018-3760HigJun 26, 2018
    risk 0.44cvss 7.5epss 0.27

    There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the…

  • CVE-2017-15527MedNov 20, 2017
    risk 0.44cvss 6.8epss 0.01

    Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing…

  • CVE-2016-6614MedDec 11, 2016
    risk 0.44cvss 6.8epss 0.02

    An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All…

  • CVE-2016-2933MedNov 30, 2016
    risk 0.44cvss 6.8epss 0.03

    Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request.

  • CVE-2010-0467MedFeb 2, 2010
    risk 0.44cvss 5.8epss 0.43

    Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.

  • CVE-2026-50567HigJun 10, 2026
    risk 0.43cvss 7.7epss 0.00

    Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Unarchive in pkg/utils/zip.go joined each archive entry name with the destination directory via filepath.Join…

  • CVE-2026-49957HigJun 9, 2026
    risk 0.43cvss 7.7epss 0.00

    Hermes WebUI before version 0.51.296 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the SSH/remote terminal profile workspace resolution logic within…

  • CVE-2026-47179HigMay 29, 2026
    risk 0.43cvss 7.7epss 0.00

    Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation…

  • CVE-2026-43532HigMay 5, 2026
    risk 0.43cvss 7.7epss 0.00

    OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media.

  • CVE-2026-34242HigApr 15, 2026
    risk 0.43cvss 7.7epss 0.00

    Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue has been fixed in version 5.17.

  • CVE-2026-35668HigApr 10, 2026
    risk 0.43cvss 7.7epss 0.00

    OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in…

  • CVE-2025-13070MedDec 9, 2025
    risk 0.43cvss 6.6epss 0.00

    The CSV to SortTable WordPress plugin through 4.2 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as contributor to perform LFI attacks.

  • CVE-2025-10050MedSep 17, 2025
    risk 0.43cvss 6.6epss 0.01

    The Developer Loggers for Simple History plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.5 via the enabled_loggers parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to…

  • CVE-2025-58355HigSep 4, 2025
    risk 0.43cvss 7.7epss 0.00

    Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled data through its SSH API. This issue is fixed in version 0.10.0.

  • CVE-2025-53534HigAug 5, 2025
    risk 0.43cvss epss 0.01

    RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take…

  • CVE-2025-34076HigJul 2, 2025
    risk 0.43cvss 7.2epss 0.01

    An authenticated local file inclusion vulnerability exists in Microweber CMS versions <= 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying…

  • CVE-2025-0694MedMar 18, 2025
    risk 0.43cvss 6.6epss 0.00

    Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access.

  • CVE-2025-0750MedJan 28, 2025
    risk 0.43cvss 6.6epss 0.00

    A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by…

  • CVE-2024-12088MedJan 14, 2025
    risk 0.43cvss 6.5epss 0.05

    A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary…

  • CVE-2024-12083MedJan 14, 2025
    risk 0.43cvss 6.6epss 0.01

    Path Traversal Vulnerabilities (CWE-22) exist in NJ/NX-series Machine Automation Controllers. An attacker may use these vulnerabilities to perform unauthorized access and to execute unauthorized code remotely to the controller products.