CWE-23
Relative Path Traversal
Abstraction: Base · Status: Draft
Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-139 · CAPEC-76
CVEs mapped to this weakness (94)
page 1 of 5

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-27199 | High | 0.73 | 7.3 | 0.91 | KEV | Mar 4, 2024 | In JetBrains TeamCity before 2023.11.4, a path traversal allowed limited admin actions to be performed. |
| CVE-2023-6825 | Critical | 0.70 | 9.9 | 0.67 | | Mar 13, 2024 | The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including, 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. This makes it possible for attackers to read the contents of arbitrary files on the server, which can contain sensitive information, and to upload files into directories other than the intended directory for file uploads. The free version requires Administrator access for this vulnerability to be exploitable. The Pro version allows a file manager to be embedded via a shortcode and also allows admins to grant file handling privileges to other user levels, which could lead to this vulnerability being exploited by lower-level users. |
| CVE-2023-3941 | Critical | 0.65 | 10.0 | 0.01 | | May 21, 2024 | Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others. |
| CVE-2012-6069 | Critical | 0.65 | 10.0 | 0.02 | | Jan 21, 2013 | The CoDeSys Runtime Toolkit's file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device, affecting the availability, integrity, and confidentiality of the device. |
| CVE-2025-62878 | Critical | 0.64 | 9.9 | 0.00 | | Feb 25, 2026 | A malicious user can manipulate parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories. |
| CVE-2025-3365 | Critical | 0.64 | 9.8 | 0.01 | | Jun 6, 2025 | A missing protection against path traversal allows access to any file on the server. |
| CVE-2025-23410 | Critical | 0.64 | 9.8 | 0.00 | | Mar 5, 2025 | When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types. |
| CVE-2025-20059 | Critical | 0.59 | 9.1 | 0.01 | | Feb 20, 2025 | Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection. This issue affects PingAM Java Policy Agent: through 5.10.3, through 2023.11.1, through 2024.9. |
| CVE-2026-33494 | Critical | 0.58 | 10.0 | 0.00 | | Mar 26, 2026 | ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequences (e.g. `/public/../admin/secrets`) that resolves to a protected path after normalization, but is matched against a permissive rule because the raw, un-normalized path is used during rule evaluation. Version 26.2.0 contains a patch. |
| CVE-2025-52207 | Critical | 0.58 | 9.9 | 0.10 | | Jun 27, 2025 | PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory. |
| CVE-2025-62498 | High | 0.57 | 8.8 | 0.00 | | Oct 23, 2025 | A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened. |
| CVE-2025-7619 | High | 0.57 | 8.8 | 0.03 | | Jul 14, 2025 | BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path, potentially leading to arbitrary code execution. |
| CVE-2024-47637 | High | 0.57 | 8.8 | 0.02 | | Oct 16, 2024 | Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Path Traversal. This issue affects LiteSpeed Cache: from n/a through <= 6.4.1. |
| CVE-2024-3497 | High | 0.57 | 8.8 | 0.00 | | Jun 14, 2024 | Path traversal vulnerability in the web server of the Toshiba printer enables an attacker to overwrite original files or add new ones to the printer. For the affected products/models/versions, see the reference URL. |
| CVE-2024-33615 | High | 0.57 | 8.8 | 0.01 | | May 15, 2024 | A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope and could allow an attacker to achieve remote code execution. |
| CVE-2024-49253 | High | 0.56 | 8.6 | 0.00 | | Oct 16, 2024 | Relative Path Traversal vulnerability in JamesPark.ninja Analyse Uploads analyse-uploads allows Relative Path Traversal. This issue affects Analyse Uploads: from n/a through <= 0.5. |
| CVE-2025-54317 | High | 0.55 | 8.4 | 0.01 | | Jul 20, 2025 | An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when creating a Layout Template, which can lead to remote code execution (RCE). |
| CVE-2025-47788 | Critical | 0.54 | — | 0.01 | | May 15, 2025 | Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the `$target` parameter in `/controller.php` was not properly validated, which could allow an attacker to execute arbitrary files on the server via path traversal. v602 contains a fix for the issue. |
| CVE-2025-2007 | High | 0.54 | 8.1 | 0.11 | | Apr 1, 2025 | The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteImage() function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). Please note this vulnerability was reintroduced in 7.20, and subsequently patched again in 7.20.1. |
| CVE-2026-5966 | High | 0.53 | 8.1 | 0.00 | | Apr 20, 2026 | ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system. |