VYPR

CWE-35

Path Traversal: '.../...//'

Variant · Incomplete

Description

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (119)

  • CVE-2023-7300 · High · Dec 26, 2024
    risk 0.52 · cvss 8.0 · epss 0.00

    Huawei Home Music System has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the music host file to be deleted or the file permission to be changed. (Vulnerability ID: HWPSIRT-2023-60613)

  • CVE-2026-44933 · High · May 20, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    `PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, it is a no-op, allowing the traversed path to execute host binaries (like…

  • CVE-2025-67914 · High · Jan 8, 2026
    risk 0.50 · cvss 7.7 · epss 0.00

    Path Traversal: '.../...//' vulnerability in beeteam368 VidMov vidmov allows Path Traversal. This issue affects VidMov: from n/a through <= 2.3.8.

  • CVE-2025-30014 · High · Apr 8, 2025
    risk 0.50 · cvss 7.7 · epss 0.01

    SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directory which they don't have access to, hence causing a high impact on confidentiality. Integrity…

  • CVE-2024-54216 · High · Dec 6, 2024
    risk 0.50 · cvss 7.7 · epss 0.01

    Path Traversal: '.../...//' vulnerability in reputeinfosystems ARForms arforms allows Path Traversal. This issue affects ARForms: from n/a through <= 6.4.1.

  • CVE-2026-25397 · High · Mar 25, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal. This issue affects File Uploader for WooCommerce: from n/a through <= 1.0.4.

  • CVE-2025-48317 · High · Sep 5, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Path Traversal: '.../...//' vulnerability in Stefan Keller WooCommerce Payment Gateway for Saferpay woocommerce-payment-gateway-for-saferpay allows Path Traversal. This issue affects WooCommerce Payment Gateway for Saferpay: from n/a through <= 0.4.9.

  • CVE-2025-52805 · High · Jul 4, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Path Traversal: '.../...//' vulnerability in VaultDweller Leyka leyka allows PHP Local File Inclusion. This issue affects Leyka: from n/a through <= 3.32.1.

  • CVE-2025-49451 · High · Jun 17, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Path Traversal: '.../...//' vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery aeroscroll-gallery allows Path Traversal. This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo…

  • CVE-2025-39492 · High · May 16, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Path Traversal vulnerability in WHMPress WHMpress allows Relative Path Traversal. This issue affects WHMpress: from 6.2 through revision.

  • CVE-2025-47636 · High · May 7, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    Path Traversal: '.../...//' vulnerability in Fernando Briano List category posts list-category-posts allows PHP Local File Inclusion. This issue affects List category posts: from n/a through <= 0.91.0.

  • CVE-2025-32585 · High · Apr 11, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    Path Traversal: '.../...//' vulnerability in Trusty Plugins Shop Products Filter trusty-woo-products-filter allows PHP Local File Inclusion. This issue affects Shop Products Filter: from n/a through <= 1.2.

  • CVE-2025-30834 · High · Apr 1, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Path Traversal: '.../...//' vulnerability in Bit Apps Bit Assist bit-assist allows Path Traversal. This issue affects Bit Assist: from n/a through <= 1.5.4.

  • CVE-2025-26935 · High · Feb 25, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    Path Traversal: '.../...//' vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion. This issue affects WP Job Portal: from n/a through <= 2.2.8.

  • CVE-2025-22786 · High · Jan 15, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    Path Traversal: '.../...//' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows PHP Local File Inclusion. This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.2.6.

  • CVE-2024-21575 · High · Dec 12, 2024
    risk 0.49 · cvss 8.6 · epss 0.01

    ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the `image.filename` field in a POST request sent to the `/upload/temp` endpoint added by the extension to the server. This results in writing arbitrary files to the file system which…

  • CVE-2024-52498 · High · Nov 28, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    Path Traversal: '.../...//' vulnerability in softpulseinfotech SP Blog Designer sp-blog-designer allows PHP Local File Inclusion. This issue affects SP Blog Designer: from n/a through <= 1.0.0.

  • CVE-2024-50054 · High · Nov 22, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system.

  • CVE-2024-51582 · High · Nov 4, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows PHP Local File Inclusion. This issue affects WP Hotel Booking: from n/a through <= 2.2.9.

  • CVE-2024-45248 · High · Oct 6, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    Multi-DNC – CWE-35: Path Traversal: '.../...//'