VYPR

CWE-37

Path Traversal: '/absolute/pathname/here'

Variant | Draft

Description

The product accepts input in the form of a slash absolute path ('/absolute/pathname/here') without appropriate validation, which can allow an attacker to traverse the file system to unintended locations or access arbitrary files.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (2)

  • CVE-2018-10498 | Med | Sep 24, 2018
    risk 0.36 | cvss 5.5 | epss 0.00

    This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email. Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this…

  • CVE-2024-12806 | Med | Jan 9, 2025
    risk 0.32 | cvss 4.9 | epss 0.01

    A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file.