CWE-35
Path Traversal: '.../...//'
Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (119)
page 2 of 6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-52447 | Hig | 0.56 | 8.6 | 0.01 | Nov 20, 2024 | Path Traversal: '.../...//' vulnerability in corporatezen222 Contact Page With Google Map contact-page-with-google-map allows Path Traversal.This issue affects Contact Page With Google Map: from n/a through <= 1.6.1. | ||
| CVE-2024-56055 | Hig | 0.55 | 8.5 | 0.00 | Dec 18, 2024 | Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2. | ||
| CVE-2024-56049 | Hig | 0.55 | 8.5 | 0.00 | Dec 18, 2024 | Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2. | ||
| CVE-2024-56214 | Hig | 0.54 | 8.3 | 0.00 | Dec 31, 2024 | Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro userpro allows Path Traversal.This issue affects Userpro: from n/a through <= 5.1.9. | ||
| CVE-2025-48090 | Hig | 0.53 | 8.1 | 0.00 | Nov 6, 2025 | Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme blanka-wp allows PHP Local File Inclusion.This issue affects Blanka - One Page WordPress Theme: from n/a through < 1.5. | ||
| CVE-2025-39467 | Hig | 0.53 | 8.1 | 0.01 | Nov 6, 2025 | Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.7.1. | ||
| CVE-2025-52811 | Hig | 0.53 | 8.1 | 0.00 | Jun 27, 2025 | Path Traversal: '.../...//' vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme davenport allows PHP Local File Inclusion.This issue affects Davenport - Versatile Blog and Magazine WordPress Theme: from n/a through <= 1.3. | ||
| CVE-2025-52810 | Hig | 0.53 | 8.1 | 0.00 | Jun 27, 2025 | Path Traversal vulnerability in TMRW-studio Katerio - Magazine allows PHP Local File Inclusion. This issue affects Katerio - Magazine: from n/a through 1.5.1. | ||
| CVE-2025-49297 | Hig | 0.53 | 8.1 | 0.00 | Jun 9, 2025 | Path Traversal: '.../...//' vulnerability in Mikado-Themes Grill and Chow grillandchow allows PHP Local File Inclusion.This issue affects Grill and Chow: from n/a through <= 1.6. | ||
| CVE-2025-49296 | Hig | 0.53 | 8.1 | 0.00 | Jun 9, 2025 | Path Traversal: '.../...//' vulnerability in Mikado-Themes GrandPrix grandprix allows PHP Local File Inclusion.This issue affects GrandPrix: from n/a through <= 1.6. | ||
| CVE-2025-49295 | Hig | 0.53 | 8.1 | 0.00 | Jun 9, 2025 | Path Traversal: '.../...//' vulnerability in Mikado-Themes MediClinic mediclinic allows PHP Local File Inclusion.This issue affects MediClinic: from n/a through <= 2.1. | ||
| CVE-2025-39475 | Hig | 0.53 | 8.1 | 0.00 | Jun 9, 2025 | Path Traversal: '.../...//' vulnerability in Frenify Arlo arlo allows PHP Local File Inclusion.This issue affects Arlo: from n/a through <= 6.0.3. | ||
| CVE-2025-27010 | Hig | 0.53 | 8.1 | 0.01 | May 19, 2025 | Path Traversal: '.../...//' vulnerability in bslthemes Tastyc tastyc allows PHP Local File Inclusion.This issue affects Tastyc: from n/a through < 2.5.2. | ||
| CVE-2025-39491 | Hig | 0.53 | 8.1 | 0.00 | May 16, 2025 | Path Traversal vulnerability in WHMPress WHMpress allows Path Traversal. This issue affects WHMpress: from 6.2 through revision. | ||
| CVE-2025-39470 | Hig | 0.53 | 8.1 | 0.01 | Apr 18, 2025 | Path Traversal: '.../...//' vulnerability in ThimPress Ivy School ivy-school allows PHP Local File Inclusion.This issue affects Ivy School: from n/a through <= 1.6.0. | ||
| CVE-2024-54362 | Hig | 0.53 | 8.1 | 0.00 | Mar 28, 2025 | Path Traversal: '.../...//' vulnerability in boggibill GetShop ecommerce getshop-ecommerce allows Path Traversal.This issue affects GetShop ecommerce: from n/a through <= 1.3. | ||
| CVE-2025-25122 | Hig | 0.53 | 8.1 | 0.00 | Mar 3, 2025 | Path Traversal: '.../...//' vulnerability in hashshop WizShop wizshop allows Path Traversal.This issue affects WizShop: from n/a through <= 3.0.2. | ||
| CVE-2025-24685 | Hig | 0.53 | 8.1 | 0.01 | Jan 27, 2025 | Path Traversal: '.../...//' vulnerability in Ihor Kit Morkva UA Shipping morkva-ua-shipping allows PHP Local File Inclusion.This issue affects Morkva UA Shipping: from n/a through <= 1.0.18. | ||
| CVE-2024-41973 | — | Hig | 0.53 | 8.1 | 0.01 | Nov 18, 2024 | A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges. | |
| CVE-2024-11136 | — | Hig | 0.53 | — | 0.00 | Nov 14, 2024 | The default TCL Camera application exposes a provider vulnerable to path traversal vulnerability. Malicious application can supply malicious URI path and delete arbitrary files from user’s external storage. |
- risk 0.56cvss 8.6epss 0.01
Path Traversal: '.../...//' vulnerability in corporatezen222 Contact Page With Google Map contact-page-with-google-map allows Path Traversal.This issue affects Contact Page With Google Map: from n/a through <= 1.6.1.
- risk 0.55cvss 8.5epss 0.00
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2.
- risk 0.55cvss 8.5epss 0.00
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2.
- risk 0.54cvss 8.3epss 0.00
Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro userpro allows Path Traversal.This issue affects Userpro: from n/a through <= 5.1.9.
- risk 0.53cvss 8.1epss 0.00
Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme blanka-wp allows PHP Local File Inclusion.This issue affects Blanka - One Page WordPress Theme: from n/a through < 1.5.
- risk 0.53cvss 8.1epss 0.01
Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.7.1.
- risk 0.53cvss 8.1epss 0.00
Path Traversal: '.../...//' vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme davenport allows PHP Local File Inclusion.This issue affects Davenport - Versatile Blog and Magazine WordPress Theme: from n/a through <= 1.3.
- risk 0.53cvss 8.1epss 0.00
Path Traversal vulnerability in TMRW-studio Katerio - Magazine allows PHP Local File Inclusion. This issue affects Katerio - Magazine: from n/a through 1.5.1.
- risk 0.53cvss 8.1epss 0.00
Path Traversal: '.../...//' vulnerability in Mikado-Themes Grill and Chow grillandchow allows PHP Local File Inclusion.This issue affects Grill and Chow: from n/a through <= 1.6.
- risk 0.53cvss 8.1epss 0.00
Path Traversal: '.../...//' vulnerability in Mikado-Themes GrandPrix grandprix allows PHP Local File Inclusion.This issue affects GrandPrix: from n/a through <= 1.6.
- risk 0.53cvss 8.1epss 0.00
Path Traversal: '.../...//' vulnerability in Mikado-Themes MediClinic mediclinic allows PHP Local File Inclusion.This issue affects MediClinic: from n/a through <= 2.1.
- risk 0.53cvss 8.1epss 0.00
Path Traversal: '.../...//' vulnerability in Frenify Arlo arlo allows PHP Local File Inclusion.This issue affects Arlo: from n/a through <= 6.0.3.
- risk 0.53cvss 8.1epss 0.01
Path Traversal: '.../...//' vulnerability in bslthemes Tastyc tastyc allows PHP Local File Inclusion.This issue affects Tastyc: from n/a through < 2.5.2.
- risk 0.53cvss 8.1epss 0.00
Path Traversal vulnerability in WHMPress WHMpress allows Path Traversal. This issue affects WHMpress: from 6.2 through revision.
- risk 0.53cvss 8.1epss 0.01
Path Traversal: '.../...//' vulnerability in ThimPress Ivy School ivy-school allows PHP Local File Inclusion.This issue affects Ivy School: from n/a through <= 1.6.0.
- risk 0.53cvss 8.1epss 0.00
Path Traversal: '.../...//' vulnerability in boggibill GetShop ecommerce getshop-ecommerce allows Path Traversal.This issue affects GetShop ecommerce: from n/a through <= 1.3.
- risk 0.53cvss 8.1epss 0.00
Path Traversal: '.../...//' vulnerability in hashshop WizShop wizshop allows Path Traversal.This issue affects WizShop: from n/a through <= 3.0.2.
- risk 0.53cvss 8.1epss 0.01
Path Traversal: '.../...//' vulnerability in Ihor Kit Morkva UA Shipping morkva-ua-shipping allows PHP Local File Inclusion.This issue affects Morkva UA Shipping: from n/a through <= 1.0.18.
- risk 0.53cvss 8.1epss 0.01
A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges.
- risk 0.53cvss —epss 0.00
The default TCL Camera application exposes a provider vulnerable to path traversal vulnerability. Malicious application can supply malicious URI path and delete arbitrary files from user’s external storage.