VYPR

CWE-25

Path Traversal: '/../filedir'

Variant | Incomplete

Description

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/../" sequences that can resolve to a location that is outside of that directory.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (6)

  • CVE-2024-56327 | Critical | Dec 19, 2024
    risk 0.57 | cvss 9.8 | epss 0.00

    pyrage is a set of Python bindings for the rage file encryption library (age in Rust). `pyrage` uses the Rust `age` crate for its underlying operations, and `age` is vulnerable to GHSA-4fg7-vxc8-qx5w. All details of GHSA-4fg7-vxc8-qx5w are relevant to `pyrage` for the versions…

  • CVE-2024-2442 | High | Mar 19, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Franklin Fueling System EVO 550 and EVO 5000 are vulnerable to a Path Traversal vulnerability that could allow an attacker to access sensitive files on the system.

  • CVE-2023-6919 | High | Jan 26, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Path Traversal: '/../filedir' vulnerability in Biges Safe Life Technologies Electronics Inc. VGuard allows Absolute Path Traversal. This issue affects VGuard: before V500.0003.R008.4011.C0012.B351.C.

  • CVE-2023-6118 | High | Nov 23, 2023
    risk 0.49 | cvss 7.5 | epss 0.01

    Path Traversal: '/../filedir' vulnerability in Neutron IP Camera allows Absolute Path Traversal. This issue affects IP Camera: before b1130.1.0.1.

  • CVE-2025-0225 | Medium | Jan 5, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability classified as problematic was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is an unknown functionality of the file /setting/ClassFy/exampleDownload.html. The manipulation of the argument name leads to…

  • CVE-2026-23877 | Jan 19, 2026
    risk 0.00 | cvss | epss 0.01

    Swing Music is a self-hosted music player for local audio files. Prior to version 2.1.4, Swing Music's `list_folders()` function in the `/folder/dir-browser` endpoint is vulnerable to directory traversal attacks. Any authenticated user (including non-admin) can browse arbitrary…