VYPR

CWE-73

External Control of File Name or Path

Abstraction: Base · Status: Draft · Likelihood of exploit: High

Description

The product allows user input to control or influence paths or file names that are used in filesystem operations.

Hierarchy (View 1000)

Children

Related attack patterns (CAPEC)

CAPEC-13 · CAPEC-267 · CAPEC-64 · CAPEC-72 · CAPEC-76 · CAPEC-78 · CAPEC-79 · CAPEC-80

CVEs mapped to this weakness (245)

page 8 of 13
  • CVE-2024-9275 · Medium · Sep 27, 2024
    risk 0.41 · CVSS 6.3 · EPSS 0.00

    A vulnerability was found in jeanmarc77 123solar up to 1.8.4.5. It has been rated as critical. This issue affects some unknown processing of the file /admin/admin_invt2.php. The manipulation of the argument PROTOCOLx leads to file inclusion. The attack may be initiated remotely.…

  • CVE-2024-23317 · Medium · Jul 11, 2024
    risk 0.41 · CVSS 6.3 · EPSS 0.00

    External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. This issue affects: 9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior…

  • CVE-2026-20175 · Medium · Jun 3, 2026
    risk 0.40 · CVSS 6.1 · EPSS 0.00

    A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of…

  • CVE-2026-23898 · High · Apr 1, 2026
    risk 0.40 · CVSS 7.2 · EPSS 0.00

    Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism.

  • CVE-2026-30940 · High · Mar 31, 2026
    risk 0.40 · CVSS 7.2 · EPSS 0.01

    baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API (/baser/api/admin/bc-theme-file/theme_files/add.json) that allows arbitrary file write. An authenticated administrator can include ../…

  • CVE-2019-25618 · Medium · Mar 22, 2026
    risk 0.40 · CVSS 6.2 · EPSS 0.00

    AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste a large buffer of characters into the Folder Path field and trigger the…

  • CVE-2025-32802 · Medium · May 28, 2025
    risk 0.40 · CVSS 6.1 · EPSS 0.00

    Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue…

  • CVE-2024-37295 · High · Jun 11, 2024
    risk 0.40 · CVSS 7.2 · EPSS 0.01

    Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web…

  • CVE-2025-52465 · High · Jun 12, 2026
    risk 0.39 · CVSS n/a · EPSS 0.00

    Summary: A vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be…

  • CVE-2026-46345 · High · May 28, 2026
    risk 0.39 · CVSS n/a · EPSS 0.00

    Relevant Products/Components: `trestle/core/commands/author/jinja.py`; `trestle author jinja`. Detailed Description: The `-o/--output` argument in `trestle author jinja` allows writing files outside the intended workspace. The application does not properly…

  • CVE-2026-45725 · High · May 27, 2026
    risk 0.39 · CVSS n/a · EPSS 0.00

    Summary: The compliance-trestle library's remote fetching cache mechanism (HTTPSFetcher and SFTPFetcher) constructs the local cache file path from the URL path component without sanitizing path traversal sequences (`../`). When a remote OSCAL profile references a URL with…

  • CVE-2026-44641 · High · May 15, 2026
    risk 0.39 · CVSS 7.1 · EPSS 0.00

    Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are…

  • CVE-2026-5809 · High · Apr 11, 2026
    risk 0.39 · CVSS 7.1 · EPSS 0.01

    The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topic_add() and topic_edit() action handlers accept arbitrary user-supplied data[*] arrays from $_REQUEST and store…

  • CVE-2026-44019 · High · Jun 3, 2026
    risk 0.38 · CVSS n/a · EPSS 0.00

    Impact: In versions `>= 2.5.0, < 2.74.1`, `docling-core` could allow local `file://` image references and accepted inline `data:` content without a decoded-size limit. In applications that accept untrusted image references, this may allow access to local files readable by…

  • CVE-2026-47214 · High · Jun 3, 2026
    risk 0.38 · CVSS n/a · EPSS 0.00

    Impact: The HTML backend did not perform sufficient validation during resource handling: (1) it accepted `file://` URIs, enabling local file system access when `enable_local_fetch=True`; (2) path resolution allowed traversal outside intended directories via `../` sequences and…

  • CVE-2025-29930 · Medium · Mar 18, 2025
    risk 0.38 · CVSS n/a · EPSS 0.00

    imFAQ is an advanced questions and answers management system for ImpressCMS. Prior to 1.0.1, if the $_GET['seoOp'] parameter is manipulated to include malicious input (e.g., seoOp=php://filter/read=convert.base64-encode/resource=/var/www/html/config.php), the application could…

  • CVE-2026-35593 · Medium · May 20, 2026
    risk 0.37 · CVSS 6.8 · EPSS 0.01

    Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, allowing an authenticated attacker to read sensitive arbitrary files from the…

  • CVE-2026-42866 · Medium · May 11, 2026
    risk 0.37 · CVSS n/a · EPSS 0.00

    Tookie is an advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's write_txt, write_csv, write_json, and (commented-but-shipping) scan_file helpers open their output as open(f"{user}."), where user comes unsanitized from the -u CLI flag or any line…

  • CVE-2025-13320 · Medium · Dec 12, 2025
    risk 0.37 · CVSS 6.8 · EPSS 0.01

    The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs…

  • CVE-2025-1686 · Medium · Feb 27, 2025
    risk 0.37 · CVSS 6.8 · EPSS 0.01

    Versions of the package io.pebbletemplates:pebble from 0 and before 4.1.0 are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag…