CWE-73
External Control of File Name or Path
Description
The product allows user input to control or influence paths or file names that are used in filesystem operations.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-13 · CAPEC-267 · CAPEC-64 · CAPEC-72 · CAPEC-76 · CAPEC-78 · CAPEC-79 · CAPEC-80
CVEs mapped to this weakness (245)
page 1 of 13| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-4634 | Cri | 0.74 | 9.8 | 0.83 | Sep 6, 2023 | The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the… | ||
| CVE-2026-39907 | Cri | 0.65 | 10.0 | 0.01 | Apr 14, 2026 | Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts unsanitized file paths in the ReadLicense action's LFName parameter, allowing remote attackers to trigger SMB connections and leak… | ||
| CVE-2024-13984 | Cri | 0.65 | — | 0.01 | Aug 27, 2025 | QiAnXin TianQing Management Center versions up to and including 6.7.0.4130 contain a path traversal vulnerability in the rptsvr component that allows unauthenticated attackers to upload files to arbitrary locations on the server. The /rptsvr/upload endpoint fails to sanitize the… | ||
| CVE-2026-39006 | Cri | 0.64 | 9.8 | 0.01 | Jun 15, 2026 | An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component. | ||
| CVE-2026-45556 | Cri | 0.64 | 9.9 | 0.00 | Jun 10, 2026 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf//<server_ip>/rule/<rule_id>/save accepts a config_file_name form field that is passed straight through to… | ||
| CVE-2026-47643 | Cri | 0.64 | 9.8 | 0.01 | Jun 9, 2026 | External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-9559 | Cri | 0.64 | 9.9 | 0.01 | May 29, 2026 | A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import… | ||
| CVE-2026-30281 | Cri | 0.64 | 9.8 | 0.01 | Mar 31, 2026 | An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure. | ||
| CVE-2026-30276 | Cri | 0.64 | 9.8 | 0.01 | Mar 31, 2026 | An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure. | ||
| CVE-2020-37080 | Cri | 0.64 | 9.8 | 0.00 | Feb 3, 2026 | webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration component that allows authenticated attackers to delete arbitrary files. Attackers can exploit the vulnerability by manipulating the 'atttmp1' parameter to specify and delete files on… | ||
| CVE-2025-43951 | Cri | 0.64 | 9.8 | 0.00 | Apr 22, 2025 | LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authenticated users can retrieve arbitrary files from the environment via the objectname request parameter. | ||
| CVE-2024-9142 | Cri | 0.64 | 9.8 | 0.00 | Sep 25, 2024 | External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls. This issue affects e-Belediye: before 2.0.642. | ||
| CVE-2026-8043 | Cri | 0.62 | 9.6 | 0.01 | May 12, 2026 | External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks. | ||
| CVE-2026-30903 | Cri | 0.62 | 9.6 | 0.00 | Mar 11, 2026 | External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access. | ||
| CVE-2024-1244 | Cri | 0.62 | — | 0.00 | Jun 11, 2025 | Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine… | ||
| CVE-2026-46399 | Cri | 0.61 | — | 0.00 | Jun 5, 2026 | HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code… | ||
| CVE-2025-64486 | Cri | 0.60 | — | 0.00 | Nov 8, 2025 | calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be… | ||
| CVE-2026-35174 | Cri | 0.59 | 9.1 | 0.01 | Apr 6, 2026 | Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows… | ||
| CVE-2026-30282 | Cri | 0.59 | 9.0 | 0.00 | Mar 31, 2026 | An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure. | ||
| CVE-2024-5986 | Cri | 0.59 | 9.1 | 0.01 | Feb 2, 2026 | A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the `/3/Parse` endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the… |
- risk 0.74cvss 9.8epss 0.83
The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the…
- risk 0.65cvss 10.0epss 0.01
Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts unsanitized file paths in the ReadLicense action's LFName parameter, allowing remote attackers to trigger SMB connections and leak…
- risk 0.65cvss —epss 0.01
QiAnXin TianQing Management Center versions up to and including 6.7.0.4130 contain a path traversal vulnerability in the rptsvr component that allows unauthenticated attackers to upload files to arbitrary locations on the server. The /rptsvr/upload endpoint fails to sanitize the…
- risk 0.64cvss 9.8epss 0.01
An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component.
- risk 0.64cvss 9.9epss 0.00
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf//<server_ip>/rule/<rule_id>/save accepts a config_file_name form field that is passed straight through to…
- risk 0.64cvss 9.8epss 0.01
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.
- risk 0.64cvss 9.9epss 0.01
A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import…
- risk 0.64cvss 9.8epss 0.01
An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
- risk 0.64cvss 9.8epss 0.01
An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
- risk 0.64cvss 9.8epss 0.00
webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration component that allows authenticated attackers to delete arbitrary files. Attackers can exploit the vulnerability by manipulating the 'atttmp1' parameter to specify and delete files on…
- risk 0.64cvss 9.8epss 0.00
LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authenticated users can retrieve arbitrary files from the environment via the objectname request parameter.
- risk 0.64cvss 9.8epss 0.00
External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls. This issue affects e-Belediye: before 2.0.642.
- risk 0.62cvss 9.6epss 0.01
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks.
- risk 0.62cvss 9.6epss 0.00
External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.
- risk 0.62cvss —epss 0.00
Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine…
- risk 0.61cvss —epss 0.00
HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code…
- risk 0.60cvss —epss 0.00
calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be…
- risk 0.59cvss 9.1epss 0.01
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows…
- risk 0.59cvss 9.0epss 0.00
An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure.
- risk 0.59cvss 9.1epss 0.01
A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the `/3/Parse` endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the…