VYPR

CWE-35

Path Traversal: '.../...//'

Variant · Incomplete

Description

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (96)

page 5 of 5

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-27445 | Med | 0.35 | 5.4 | 0.00 | | Jun 5, 2025 | A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of user-supplied input in file path parameters, allowing attackers to exploit directory traversal sequences (e.g., ../) to access sensitive files |
| CVE-2025-30966 | Med | 0.35 | 5.4 | 0.00 | | Apr 15, 2025 | Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a. |
| CVE-2025-69325 | Med | 0.34 | 5.3 | 0.00 | | Feb 20, 2026 | Path Traversal: '.../...//' vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Path Traversal. This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.8. |
| CVE-2025-48081 | Med | 0.34 | 5.3 | 0.00 | | Aug 27, 2025 | Path Traversal: '.../...//' vulnerability in Printeers Printeers Print & Ship allows Path Traversal. This issue affects Printeers Print & Ship: from n/a through 1.17.0. |
| CVE-2025-46441 | Med | 0.34 | 5.3 | 0.00 | | May 19, 2025 | Path Traversal: '.../...//' vulnerability in ctltwp Section Widget section-widget allows Path Traversal. This issue affects Section Widget: from n/a through <= 3.3.1. |
| CVE-2026-32415 | Med | 0.33 | 5.0 | 0.00 | | Mar 13, 2026 | Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal. This issue affects Squeeze: from n/a through <= 1.7.7. |
| CVE-2025-64253 | Med | 0.32 | 4.9 | 0.00 | | Dec 16, 2025 | Path Traversal: '.../...//' vulnerability in WordPress.org Health Check & Troubleshooting health-check allows Path Traversal. This issue affects Health Check & Troubleshooting: from n/a through <= 1.7.1. |
| CVE-2025-39598 | Med | 0.32 | 4.9 | 0.00 | | Apr 16, 2025 | Path Traversal: '.../...//' vulnerability in Quý Lê 91 Administrator Z administrator-z allows Path Traversal. This issue affects Administrator Z: from n/a through <= 2025.03.28. |
| CVE-2025-27274 | Med | 0.32 | 4.9 | 0.00 | | Mar 3, 2025 | Path Traversal: '.../...//' vulnerability in axelkeller GPX Viewer gpx-viewer allows Path Traversal. This issue affects GPX Viewer: from n/a through <= 2.2.11. |
| CVE-2024-52390 | Med | 0.32 | 4.9 | 0.01 | | Nov 18, 2024 | Path Traversal: '.../...//' vulnerability in Greg Ross CYAN Backup cyan-backup allows Path Traversal. This issue affects CYAN Backup: from n/a through <= 2.5.3. |
| CVE-2026-1763 | Med | 0.30 | 4.6 | 0.00 | | Feb 10, 2026 | Vulnerability in GE Vernova Enervista UR Setup on Windows. This issue affects Enervista: 8.6 and previous versions. |
| CVE-2026-28265 | Med | 0.29 | 4.4 | 0.00 | | Apr 1, 2026 | PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files. |
| CVE-2025-4956 | Med | 0.28 | 4.3 | 0.00 | | Aug 30, 2025 | Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal. This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0. |
| CVE-2024-0067 | Med | 0.28 | 4.3 | 0.00 | | Sep 10, 2024 | Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. |
| CVE-2025-22288 | Med | 0.27 | 4.1 | 0.00 | | Nov 6, 2025 | Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal. This issue affects Smush Image Compression and Optimization: from n/a through <= 3.17.0. |
| CVE-2025-52712 | Med | 0.27 | 4.2 | 0.00 | | Aug 14, 2025 | Path Traversal: '.../...//' vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Path Traversal. This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.8. |