CWE-35
Path Traversal: '.../...//'
Variant | Incomplete
Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (96)
Page 2 of 5

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-52811 | Hig | 0.53 | 8.1 | 0.00 | | Jun 27, 2025 | Path Traversal: '.../...//' vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme davenport allows PHP Local File Inclusion. This issue affects Davenport - Versatile Blog and Magazine WordPress Theme: from n/a through <= 1.3. |
| CVE-2025-52810 | Hig | 0.53 | 8.1 | 0.00 | | Jun 27, 2025 | Path Traversal vulnerability in TMRW-studio Katerio - Magazine allows PHP Local File Inclusion. This issue affects Katerio - Magazine: from n/a through 1.5.1. |
| CVE-2025-49297 | Hig | 0.53 | 8.1 | 0.00 | | Jun 9, 2025 | Path Traversal: '.../...//' vulnerability in Mikado-Themes Grill and Chow grillandchow allows PHP Local File Inclusion. This issue affects Grill and Chow: from n/a through <= 1.6. |
| CVE-2025-49296 | Hig | 0.53 | 8.1 | 0.00 | | Jun 9, 2025 | Path Traversal: '.../...//' vulnerability in Mikado-Themes GrandPrix grandprix allows PHP Local File Inclusion. This issue affects GrandPrix: from n/a through <= 1.6. |
| CVE-2025-49295 | Hig | 0.53 | 8.1 | 0.00 | | Jun 9, 2025 | Path Traversal: '.../...//' vulnerability in Mikado-Themes MediClinic mediclinic allows PHP Local File Inclusion. This issue affects MediClinic: from n/a through <= 2.1. |
| CVE-2025-39475 | Hig | 0.53 | 8.1 | 0.00 | | Jun 9, 2025 | Path Traversal: '.../...//' vulnerability in Frenify Arlo arlo allows PHP Local File Inclusion. This issue affects Arlo: from n/a through <= 6.0.3. |
| CVE-2025-27010 | Hig | 0.53 | 8.1 | 0.00 | | May 19, 2025 | Path Traversal: '.../...//' vulnerability in bslthemes Tastyc tastyc allows PHP Local File Inclusion. This issue affects Tastyc: from n/a through < 2.5.2. |
| CVE-2025-39491 | Hig | 0.53 | 8.1 | 0.00 | | May 16, 2025 | Path Traversal vulnerability in WHMPress WHMpress allows Path Traversal. This issue affects WHMpress: from 6.2 through revision. |
| CVE-2025-39470 | Hig | 0.53 | 8.1 | 0.00 | | Apr 18, 2025 | Path Traversal: '.../...//' vulnerability in ThimPress Ivy School ivy-school allows PHP Local File Inclusion. This issue affects Ivy School: from n/a through <= 1.6.0. |
| CVE-2024-54362 | Hig | 0.53 | 8.1 | 0.00 | | Mar 28, 2025 | Path Traversal: '.../...//' vulnerability in boggibill GetShop ecommerce getshop-ecommerce allows Path Traversal. This issue affects GetShop ecommerce: from n/a through <= 1.3. |
| CVE-2025-25122 | Hig | 0.53 | 8.1 | 0.00 | | Mar 3, 2025 | Path Traversal: '.../...//' vulnerability in hashshop WizShop wizshop allows Path Traversal. This issue affects WizShop: from n/a through <= 3.0.2. |
| CVE-2025-24685 | Hig | 0.53 | 8.1 | 0.00 | | Jan 27, 2025 | Path Traversal: '.../...//' vulnerability in Ihor Kit Morkva UA Shipping morkva-ua-shipping allows PHP Local File Inclusion. This issue affects Morkva UA Shipping: from n/a through <= 1.0.18. |
| CVE-2024-41973 | Hig | 0.53 | 8.1 | 0.02 | | Nov 18, 2024 | A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to arbitrary file writes with root privileges. |
| CVE-2024-11136 | Hig | 0.53 | — | 0.00 | | Nov 14, 2024 | The default TCL Camera application exposes a provider vulnerable to path traversal vulnerability. Malicious application can supply malicious URI path and delete arbitrary files from user’s external storage. |
| CVE-2023-7300 | Hig | 0.52 | 8.0 | 0.00 | | Dec 26, 2024 | Huawei Home Music System has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the music host file to be deleted or the file permission to be changed. (Vulnerability ID:HWPSIRT-2023-60613) |
| CVE-2025-67914 | Hig | 0.50 | 7.7 | 0.00 | | Jan 8, 2026 | Path Traversal: '.../...//' vulnerability in beeteam368 VidMov vidmov allows Path Traversal. This issue affects VidMov: from n/a through <= 2.3.8. |
| CVE-2025-30014 | Hig | 0.50 | 7.7 | 0.01 | | Apr 8, 2025 | SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directory which they don't have access to, hence causing a high impact on confidentiality. Integrity and Availability are not affected. |
| CVE-2024-54216 | Hig | 0.50 | 7.7 | 0.01 | | Dec 6, 2024 | Path Traversal: '.../...//' vulnerability in reputeinfosystems ARForms arforms allows Path Traversal. This issue affects ARForms: from n/a through <= 6.4.1. |
| CVE-2026-25397 | Hig | 0.49 | 7.5 | 0.00 | | Mar 25, 2026 | Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal. This issue affects File Uploader for WooCommerce: from n/a through <= 1.0.4. |
| CVE-2025-48317 | Hig | 0.49 | 7.5 | 0.00 | | Sep 5, 2025 | Path Traversal: '.../...//' vulnerability in Stefan Keller WooCommerce Payment Gateway for Saferpay woocommerce-payment-gateway-for-saferpay allows Path Traversal. This issue affects WooCommerce Payment Gateway for Saferpay: from n/a through <= 0.4.9. |