VYPR

CWE-73

External Control of File Name or Path

Abstraction: Base · Status: Draft · Likelihood of Exploit: High

Description

The product allows user input to control or influence paths or file names that are used in filesystem operations.
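The weakness in one picture, as an added example (not code from the VYPR page or from any project listed on it): the unsafe join that lets a remote user pick the file, beside a hardened resolve-and-contain check, with the same check reused on archive member names (the extraction variant of this weakness). Function names, the `uploads`/`outside` directory layout and every input string in `demo()` are assumptions constructed for the illustration.

```python
"""Added example, not code from the VYPR page or from any project listed
on it: an unsafe path join next to a hardened one, and the same
containment check applied to archive member names.  Function names and
the directory layout in demo() are assumptions made for the illustration."""
import os
import tempfile


class PathEscape(ValueError):
    """Raised when a caller-supplied path would land outside the base."""


def unsafe_path(base: str, user_path: str) -> str:
    """The vulnerable pattern: the remote user controls the tail of a
    filesystem path.  os.path.join() keeps "../" segments and, worse,
    discards base entirely when user_path is absolute."""
    return os.path.join(base, user_path)


def safe_path(base: str, user_path: str) -> str:
    """Resolve user_path under base and refuse anything that escapes.

    Order matters: reject absolute and NUL-bearing input up front,
    canonicalise with realpath() (which follows symlinks in the part of
    the path that already exists), then do a separator-aware prefix test
    so that /srv/data2 is not accepted as being inside /srv/data.
    """
    if not user_path or "\x00" in user_path:
        raise PathEscape("empty path or embedded NUL")
    if os.path.isabs(user_path):
        raise PathEscape("absolute paths are not accepted")
    real_base = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(real_base, user_path))
    if candidate != real_base and not candidate.startswith(real_base + os.sep):
        raise PathEscape(f"{user_path!r} resolves outside {base!r}")
    return candidate


def classify(base: str, paths) -> dict:
    """Run safe_path() over a list of paths and record each verdict."""
    verdicts = {}
    for p in paths:
        try:
            safe_path(base, p)
            verdicts[p] = "allowed"
        except PathEscape:
            verdicts[p] = "rejected"
    return verdicts


def demo() -> dict:
    """Constructed scenario: an upload directory that contains a symlink
    pointing outside it, probed with benign and hostile inputs."""
    root = tempfile.mkdtemp(prefix="cwe73-")
    base = os.path.join(root, "uploads")
    outside = os.path.join(root, "outside")
    os.makedirs(base)
    os.makedirs(outside)
    os.symlink(outside, os.path.join(base, "link"))

    # Request parameters as an attacker might send them to a file-read
    # endpoint (constructed values, not taken from any listed CVE).
    requests = ["report.txt", "sub/x.txt", "../outside/secret",
                "link/secret", "/etc/passwd"]
    results = classify(base, requests)

    # The unsafe join silently returns the absolute path the user chose.
    results["unsafe_join_absolute"] = (
        unsafe_path(base, "/etc/passwd") == "/etc/passwd")

    # Archive member names as zipfile.ZipFile.namelist() would return
    # them (constructed); the same containment check vets them before
    # any byte is written.  Symlink *entries* inside an archive need a
    # separate check on their link target, which is omitted here.
    members = ["docs/readme.md", "../evil.sh", "/abs.txt", "a/../../up.txt"]
    results["zip"] = classify(base, members)
    return results


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(path, verdict)
```

The realpath-then-open sequence is still a check-then-use pair: a user who can create symlinks under the base directory (an upload tree, a restored backup) can swap one in between the two calls, so for writable bases open with `os.O_NOFOLLOW` or via directory-fd-relative calls, and for archives vet each entry's resolved target after extraction as well as before.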

Hierarchy (View 1000)

Children

Related attack patterns (CAPEC)

CAPEC-13 · CAPEC-267 · CAPEC-64 · CAPEC-72 · CAPEC-76 · CAPEC-78 · CAPEC-79 · CAPEC-80

CVEs mapped to this weakness (245)

page 5 of 13
  • CVE-2026-43891 · High · May 12, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored,…

  • CVE-2026-26157 · High · Feb 11, 2026
    risk 0.49 · cvss 7.0 · epss 0.01

    A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file…

  • CVE-2021-47746 · High · Jan 21, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite…

  • CVE-2025-11451 · High · Nov 11, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.4.3 via the '/wp-json/wp/v2/aal_ajax_unit_loading' REST API endpoint. This makes it possible for unauthenticated…

  • CVE-2025-48385 · High · Jul 8, 2025
    risk 0.49 · cvss not listed · epss 0.01

    Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows…

  • CVE-2025-3103 · High · Apr 19, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation in the 'history.php' file in all versions up to, and including, 2.4. This makes it…

  • CVE-2024-12036 · High · Mar 7, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of…

  • CVE-2018-7495 · High · May 15, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability…

  • CVE-2026-42881 · High · May 14, 2026
    risk 0.48 · cvss not listed · epss 0.00

    STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution (LCE) with the privileges of the user running STIGQter. This requires user interaction: the victim must open the malicious .stigqter file…

  • CVE-2026-41107 · High · May 12, 2026
    risk 0.48 · cvss 7.4 · epss 0.01

    External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-43989 · High · May 12, 2026
    risk 0.48 · cvss 8.5 · epss 0.00

    JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload_wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format.…

  • CVE-2026-10694 · High · Jun 3, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. The attack can be launched remotely. The exploit is now public…

  • CVE-2026-4132 · High · Apr 22, 2026
    risk 0.47 · cvss 7.2 · epss 0.01

    The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hh_htpasswd_path' option and lack of…

  • CVE-2026-31939 · High · Apr 10, 2026
    risk 0.47 · cvss 8.3 · epss 0.00

    Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading to arbitrary file deletion. User input from $_REQUEST['test'] is concatenated directly into a filesystem path without canonicalization or traversal…

  • CVE-2026-5210 · High · Mar 31, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability was detected in SourceCodester Leave Application System 1.0. This affects an unknown part. Performing a manipulation of the argument page results in file inclusion. Remote exploitation of the attack is possible. The exploit is now public and may be used.

  • CVE-2025-66003 · High · Jan 8, 2026
    risk 0.47 · cvss not listed · epss 0.00

    An External Control of File Name or Path vulnerability in smb4k allows local users to perform a local root exploit via smb4k mounthelper if they can access and control the contents of a Samba share. This issue affects smb4k: from ? before 4.0.5.

  • CVE-2025-9529 · High · Aug 27, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    A weakness has been identified in Campcodes Payroll Management System 1.0. The affected element is the function include of the file /index.php. This manipulation of the argument page causes file inclusion. The attack is possible to be carried out remotely. The exploit has been…

  • CVE-2024-43658 · High · Jan 9, 2025
    risk 0.47 · cvss not listed · epss 0.01

    Path traversal, External Control of File Name or Path vulnerability in Iocharger Home allows deletion of arbitrary files. This issue affects Iocharger firmware for AC model before firmware version 25010801. Likelihood: High, but requires authentication. Impact: Critical –…

  • CVE-2026-45089 · High · May 27, 2026
    risk 0.46 · cvss 8.2 · epss 0.00

    Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the output, output-all, and debug fields in model.Options are JSON-tagged and deserialized directly from the attacker's request body, then…

  • CVE-2026-40893 · High · May 14, 2026
    risk 0.46 · cvss 8.2 · epss 0.00

    Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions…