VYPR

CWE-73

External Control of File Name or Path

Abstraction: Base · Status: Draft · Likelihood of Exploit: High

Description

The product allows user input to control or influence paths or file names that are used in filesystem operations.

Hierarchy (View 1000)

Children

Related attack patterns (CAPEC)

CAPEC-13 · CAPEC-267 · CAPEC-64 · CAPEC-72 · CAPEC-76 · CAPEC-78 · CAPEC-79 · CAPEC-80

CVEs mapped to this weakness (245)

page 12 of 13
  • CVE-2025-49138 · Jun 9, 2025
    risk 0.00 · cvss · epss 0.00

    HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by…

  • CVE-2025-26646 · May 13, 2025
    risk 0.00 · cvss · epss 0.01

    External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.

  • CVE-2025-46762 · May 6, 2025
    risk 0.00 · cvss · epss 0.01

    Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these…

  • CVE-2024-8524 · Mar 20, 2025
    risk 0.00 · cvss · epss 0.01

    A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint.

  • CVE-2024-6829 · Mar 20, 2025
    risk 0.00 · cvss · epss 0.01

    A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the `tarfile.extractall()` function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control `repo.path` and `run_hash` to bypass…

  • CVE-2024-8616 · Mar 20, 2025
    risk 0.00 · cvss · epss 0.01

    In h2oai/h2o-3 version 3.46.0, the `/99/Models/{name}/json` endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the `exportModelDetails` function in `ModelsHandler.java`, where the user-controllable `mexport.dir` parameter is used to…

  • CVE-2024-10902 · Mar 20, 2025
    risk 0.00 · cvss · epss 0.01

    In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /v1/personal/agent/upload` is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to upload arbitrary files to the victim's file system at any location. The impact of…

  • CVE-2023-0092 · Jan 31, 2025
    risk 0.00 · cvss · epss 0.01

    An authenticated user who has read access to the juju controller model may construct a remote request to download an arbitrary file from the controller's filesystem.

  • CVE-2024-39303 · Jul 1, 2024
    risk 0.00 · cvss · epss 0.00

    Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate…

  • CVE-2024-1603 · Mar 23, 2024
    risk 0.00 · cvss · epss 0.01

    paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.

  • CVE-2024-23634 · Mar 20, 2024
    risk 0.00 · cvss · epss 0.01

    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores…

  • CVE-2024-25117 · Feb 21, 2024
    risk 0.00 · cvss · epss 0.01

    php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might lead to RCE on PHP < 8.0, and doesn't validate if external references are allowed. This…

  • CVE-2024-1485 · Feb 13, 2024
    risk 0.00 · cvss · epss 0.01

    A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup…

  • CVE-2023-6569 · Dec 14, 2023
    risk 0.00 · cvss · epss 0.01

    External Control of File Name or Path in h2oai/h2o-3

  • CVE-2023-30943 · May 2, 2023
    risk 0.00 · cvss · epss 0.07

    The vulnerability was found in Moodle, which exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.

  • CVE-2023-1070 · Feb 27, 2023
    risk 0.00 · cvss · epss 0.01

    External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22.

  • CVE-2022-23536 · Dec 19, 2022
    risk 0.00 · cvss · epss 0.01

    Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager…

  • CVE-2022-2400 · Jul 18, 2022
    risk 0.00 · cvss · epss 0.01

    External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.

  • CVE-2021-21343 · Mar 22, 2021
    risk 0.00 · cvss · epss 0.47

    XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new…

  • CVE-2020-8553 · Jul 29, 2020
    risk 0.00 · cvss · epss 0.01

    The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a…