VYPR

CWE-35

Path Traversal: '.../...//'

VariantIncomplete

Description

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (119)

page 2 of 6
  • CVE-2024-52447HigNov 20, 2024
    risk 0.56cvss 8.6epss 0.01

    Path Traversal: '.../...//' vulnerability in corporatezen222 Contact Page With Google Map contact-page-with-google-map allows Path Traversal.This issue affects Contact Page With Google Map: from n/a through <= 1.6.1.

  • CVE-2024-56055HigDec 18, 2024
    risk 0.55cvss 8.5epss 0.00

    Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2.

  • CVE-2024-56049HigDec 18, 2024
    risk 0.55cvss 8.5epss 0.00

    Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2.

  • CVE-2024-56214HigDec 31, 2024
    risk 0.54cvss 8.3epss 0.00

    Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro userpro allows Path Traversal.This issue affects Userpro: from n/a through <= 5.1.9.

  • CVE-2025-48090HigNov 6, 2025
    risk 0.53cvss 8.1epss 0.00

    Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme blanka-wp allows PHP Local File Inclusion.This issue affects Blanka - One Page WordPress Theme: from n/a through < 1.5.

  • CVE-2025-39467HigNov 6, 2025
    risk 0.53cvss 8.1epss 0.01

    Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.7.1.

  • CVE-2025-52811HigJun 27, 2025
    risk 0.53cvss 8.1epss 0.00

    Path Traversal: '.../...//' vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme davenport allows PHP Local File Inclusion.This issue affects Davenport - Versatile Blog and Magazine WordPress Theme: from n/a through <= 1.3.

  • CVE-2025-52810HigJun 27, 2025
    risk 0.53cvss 8.1epss 0.00

    Path Traversal vulnerability in TMRW-studio Katerio - Magazine allows PHP Local File Inclusion. This issue affects Katerio - Magazine: from n/a through 1.5.1.

  • CVE-2025-49297HigJun 9, 2025
    risk 0.53cvss 8.1epss 0.00

    Path Traversal: '.../...//' vulnerability in Mikado-Themes Grill and Chow grillandchow allows PHP Local File Inclusion.This issue affects Grill and Chow: from n/a through <= 1.6.

  • CVE-2025-49296HigJun 9, 2025
    risk 0.53cvss 8.1epss 0.00

    Path Traversal: '.../...//' vulnerability in Mikado-Themes GrandPrix grandprix allows PHP Local File Inclusion.This issue affects GrandPrix: from n/a through <= 1.6.

  • CVE-2025-49295HigJun 9, 2025
    risk 0.53cvss 8.1epss 0.00

    Path Traversal: '.../...//' vulnerability in Mikado-Themes MediClinic mediclinic allows PHP Local File Inclusion.This issue affects MediClinic: from n/a through <= 2.1.

  • CVE-2025-39475HigJun 9, 2025
    risk 0.53cvss 8.1epss 0.00

    Path Traversal: '.../...//' vulnerability in Frenify Arlo arlo allows PHP Local File Inclusion.This issue affects Arlo: from n/a through <= 6.0.3.

  • CVE-2025-27010HigMay 19, 2025
    risk 0.53cvss 8.1epss 0.01

    Path Traversal: '.../...//' vulnerability in bslthemes Tastyc tastyc allows PHP Local File Inclusion.This issue affects Tastyc: from n/a through < 2.5.2.

  • CVE-2025-39491HigMay 16, 2025
    risk 0.53cvss 8.1epss 0.00

    Path Traversal vulnerability in WHMPress WHMpress allows Path Traversal. This issue affects WHMpress: from 6.2 through revision.

  • CVE-2025-39470HigApr 18, 2025
    risk 0.53cvss 8.1epss 0.01

    Path Traversal: '.../...//' vulnerability in ThimPress Ivy School ivy-school allows PHP Local File Inclusion.This issue affects Ivy School: from n/a through <= 1.6.0.

  • CVE-2024-54362HigMar 28, 2025
    risk 0.53cvss 8.1epss 0.00

    Path Traversal: '.../...//' vulnerability in boggibill GetShop ecommerce getshop-ecommerce allows Path Traversal.This issue affects GetShop ecommerce: from n/a through <= 1.3.

  • CVE-2025-25122HigMar 3, 2025
    risk 0.53cvss 8.1epss 0.00

    Path Traversal: '.../...//' vulnerability in hashshop WizShop wizshop allows Path Traversal.This issue affects WizShop: from n/a through <= 3.0.2.

  • CVE-2025-24685HigJan 27, 2025
    risk 0.53cvss 8.1epss 0.01

    Path Traversal: '.../...//' vulnerability in Ihor Kit Morkva UA Shipping morkva-ua-shipping allows PHP Local File Inclusion.This issue affects Morkva UA Shipping: from n/a through <= 1.0.18.

  • CVE-2024-41973HigNov 18, 2024
    risk 0.53cvss 8.1epss 0.01

    A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges.

  • CVE-2024-11136HigNov 14, 2024
    risk 0.53cvss epss 0.00

    The default TCL Camera application exposes a provider vulnerable to path traversal vulnerability. Malicious application can supply malicious URI path and delete arbitrary files from user’s external storage.