CWE-35

Path Traversal: '.../...//'

Variant | Incomplete

Description

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (119)

page 5 of 6
  • CVE-2024-56213 | Med | Dec 31, 2024
    risk 0.42 | cvss 6.5 | epss 0.01

    Path Traversal: '.../...//' vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal. This issue affects Eventin: from n/a through <= 4.0.7.

  • CVE-2024-54313 | Med | Dec 13, 2024
    risk 0.42 | cvss 6.5 | epss 0.01

    Path Traversal vulnerability in FULL. FULL Customer allows Path Traversal. This issue affects FULL Customer: from n/a through 3.1.25.

  • CVE-2024-41972 | Med | Nov 18, 2024
    risk 0.42 | cvss 6.5 | epss 0.01

    A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges.

  • CVE-2024-49258 | Med | Oct 16, 2024
    risk 0.42 | cvss 6.5 | epss 0.01

    Path Traversal: '.../...//' vulnerability in Limbcode WordPress Gallery Plugin – Limb Image Gallery limb-gallery. This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through <= 1.5.7.

  • CVE-2024-38706 | Med | Jul 12, 2024
    risk 0.42 | cvss 6.5 | epss 0.01

    Path Traversal: '.../...//' vulnerability in DevItems HT Mega ht-mega-for-elementor. This issue affects HT Mega: from n/a through <= 2.5.7.

  • CVE-2025-26940 | Med | Mar 15, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    Path Traversal vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2.

  • CVE-2025-0858 | Med | Feb 5, 2025
    risk 0.38 | cvss | epss 0.00

    A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in certain Poly devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure.

  • CVE-2024-7608 | Med | Aug 27, 2024
    risk 0.38 | cvss 5.9 | epss 0.00

    An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal.

  • CVE-2025-66004 | Med | Dec 10, 2025
    risk 0.37 | cvss 5.7 | epss 0.00

    A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user. This issue affects usbmuxd: before 3ded00c9985a5108cfc7591a309f9a23d57a8cba.

  • CVE-2024-5481 | Med | Jun 7, 2024
    risk 0.37 | cvss 6.8 | epss 0.01

    The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of…

  • CVE-2024-2654 | Med | Apr 9, 2024
    risk 0.37 | cvss 6.8 | epss 0.01

    The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary…

  • CVE-2025-27445 | Med | Jun 5, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of user-supplied input in file…

  • CVE-2025-30966 | Med | Apr 15, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a.

  • CVE-2025-69325 | Med | Feb 20, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    Path Traversal: '.../...//' vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Path Traversal. This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.8.

  • CVE-2025-48081 | Med | Aug 27, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    Path Traversal: '.../...//' vulnerability in Printeers Printeers Print & Ship allows Path Traversal. This issue affects Printeers Print & Ship: from n/a through 1.17.0.

  • CVE-2025-46441 | Med | May 19, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    Path Traversal: '.../...//' vulnerability in ctltwp Section Widget section-widget allows Path Traversal. This issue affects Section Widget: from n/a through <= 3.3.1.

  • CVE-2026-32415 | Med | Mar 13, 2026
    risk 0.33 | cvss 5.0 | epss 0.00

    Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal. This issue affects Squeeze: from n/a through <= 1.7.7.

  • CVE-2025-64253 | Med | Dec 16, 2025
    risk 0.32 | cvss 4.9 | epss 0.00

    Path Traversal: '.../...//' vulnerability in WordPress.org Health Check & Troubleshooting health-check allows Path Traversal. This issue affects Health Check & Troubleshooting: from n/a through <= 1.7.1.

  • CVE-2025-39598 | Med | Apr 16, 2025
    risk 0.32 | cvss 4.9 | epss 0.01

    Path Traversal: '.../...//' vulnerability in Quý Lê 91 Administrator Z administrator-z allows Path Traversal. This issue affects Administrator Z: from n/a through <= 2025.03.28.

  • CVE-2025-27274 | Med | Mar 3, 2025
    risk 0.32 | cvss 4.9 | epss 0.00

    Path Traversal: '.../...//' vulnerability in axelkeller GPX Viewer gpx-viewer allows Path Traversal. This issue affects GPX Viewer: from n/a through <= 2.2.11.