CWE-73
External Control of File Name or Path
Description
The product allows user input to control or influence paths or file names that are used in filesystem operations.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-13 · CAPEC-267 · CAPEC-64 · CAPEC-72 · CAPEC-76 · CAPEC-78 · CAPEC-79 · CAPEC-80
CVEs mapped to this weakness (245)
Page 12 of 13

| CVE | Published | Risk | CVSS | EPSS | Description |
|---|---|---|---|---|---|
| CVE-2025-49138 | Jun 9, 2025 | 0.00 | — | 0.00 | HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by… |
| CVE-2025-26646 | May 13, 2025 | 0.00 | — | 0.01 | External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. |
| CVE-2025-46762 | May 6, 2025 | 0.00 | — | 0.01 | Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these… |
| CVE-2024-8524 | Mar 20, 2025 | 0.00 | — | 0.01 | A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint. |
| CVE-2024-6829 | Mar 20, 2025 | 0.00 | — | 0.01 | A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the `tarfile.extractall()` function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control `repo.path` and `run_hash` to bypass… |
| CVE-2024-8616 | Mar 20, 2025 | 0.00 | — | 0.01 | In h2oai/h2o-3 version 3.46.0, the `/99/Models/{name}/json` endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the `exportModelDetails` function in `ModelsHandler.java`, where the user-controllable `mexport.dir` parameter is used to… |
| CVE-2024-10902 | Mar 20, 2025 | 0.00 | — | 0.01 | In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /v1/personal/agent/upload` is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to upload arbitrary files to the victim's file system at any location. The impact of… |
| CVE-2023-0092 | Jan 31, 2025 | 0.00 | — | 0.01 | An authenticated user who has read access to the juju controller model may construct a remote request to download an arbitrary file from the controller's filesystem. |
| CVE-2024-39303 | Jul 1, 2024 | 0.00 | — | 0.00 | Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate… |
| CVE-2024-1603 | Mar 23, 2024 | 0.00 | — | 0.01 | paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file. |
| CVE-2024-23634 | Mar 20, 2024 | 0.00 | — | 0.01 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores… |
| CVE-2024-25117 | Feb 21, 2024 | 0.00 | — | 0.01 | php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might lead to RCE on PHP < 8.0, and doesn't validate if external references are allowed. This… |
| CVE-2024-1485 | Feb 13, 2024 | 0.00 | — | 0.01 | A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup… |
| CVE-2023-6569 | Dec 14, 2023 | 0.00 | — | 0.01 | External Control of File Name or Path in h2oai/h2o-3 |
| CVE-2023-30943 | May 2, 2023 | 0.00 | — | 0.07 | The vulnerability was found in Moodle and exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. |
| CVE-2023-1070 | Feb 27, 2023 | 0.00 | — | 0.01 | External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22. |
| CVE-2022-23536 | Dec 19, 2022 | 0.00 | — | 0.01 | Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager… |
| CVE-2022-2400 | Jul 18, 2022 | 0.00 | — | 0.01 | External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0. |
| CVE-2021-21343 | Mar 22, 2021 | 0.00 | — | 0.47 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new… |
| CVE-2020-8553 | Jul 29, 2020 | 0.00 | — | 0.01 | The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a… |