VYPR

CWE-73

External Control of File Name or Path

BaseDraftLikelihood: High

Description

The product allows user input to control or influence paths or file names that are used in filesystem operations.

Hierarchy (View 1000)

Children

Related attack patterns (CAPEC)

CAPEC-13 · CAPEC-267 · CAPEC-64 · CAPEC-72 · CAPEC-76 · CAPEC-78 · CAPEC-79 · CAPEC-80

CVEs mapped to this weakness (245)

page 9 of 13
  • CVE-2025-0202MedJan 4, 2025
    risk 0.36cvss 5.5epss 0.00

    A vulnerability was found in TCS BaNCS 10. It has been classified as problematic. This affects an unknown part of the file /REPORTS/REPORTS_SHOW_FILE.jsp. The manipulation of the argument FilePath leads to file inclusion. The real existence of this vulnerability is still doubted…

  • CVE-2026-46397MedJun 5, 2026
    risk 0.35cvss 6.5epss 0.00

    HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an Authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the…

  • CVE-2026-44353MedMay 27, 2026
    risk 0.35cvss 6.5epss 0.00

    Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list…

  • CVE-2026-45008MedMay 15, 2026
    risk 0.35cvss 6.5epss 0.00

    phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCE_DELETE permission to delete arbitrary directories. Attackers can submit traversal sequences like https://../../../ in the client URL parameter to…

  • CVE-2026-39378MedApr 21, 2026
    risk 0.35cvss 6.5epss 0.00

    The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when `HTMLExporter.embed_images=True`, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references.…

  • CVE-2026-39377MedApr 21, 2026
    risk 0.35cvss 6.5epss 0.00

    The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment…

  • CVE-2026-33027MedMar 30, 2026
    risk 0.35cvss 6.5epss 0.00

    Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are supplied, the backend resolves them to the base Nginx configuration directory and…

  • CVE-2025-1730MedMar 1, 2025
    risk 0.35cvss 6.5epss 0.00

    The Simple Download Counter plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.0 via the 'simple_download_counter_download_handler'. This makes it possible for authenticated attackers, with Author-level access and above, to extract…

  • CVE-2024-25975MedMay 29, 2024
    risk 0.35cvss 6.5epss 0.01

    The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be…

  • CVE-2025-11738MedOct 18, 2025
    risk 0.34cvss 5.3epss 0.00

    The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all versions up to, and including, 3.29 via the mla-stream-image.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary ai/eps/pdf/ps files on the…

  • CVE-2026-0259MedMay 13, 2026
    risk 0.33cvss epss 0.00

    An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS…

  • CVE-2026-41412MedJun 2, 2026
    risk 0.32cvss 4.9epss 0.00

    alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects a fully-functional HTTP client (`simpleHttpClient`) into every extension script's scope. The…

  • CVE-2026-26228MedFeb 26, 2026
    risk 0.32cvss 4.9epss 0.00

    VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory…

  • CVE-2025-11973MedNov 21, 2025
    risk 0.32cvss 4.9epss 0.00

    The 简数采集器 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.6.3 via the __kds_flag functionality that imports featured images. This makes it possible for authenticated attackers, with Adminstrator-level access and above,…

  • CVE-2023-5816MedOct 30, 2024
    risk 0.32cvss 4.9epss 0.01

    The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all versions up to, and including, 1.4.5. This is due to the fact that the plugin does not restrict accessing files to those outside of the WordPress instance, though the intention of the…

  • CVE-2026-42597MedMay 14, 2026
    risk 0.31cvss 5.9epss 0.00

    Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so…

  • CVE-2026-41389MedApr 20, 2026
    risk 0.31cvss 5.8epss 0.00

    OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access,…

  • CVE-2025-64714MedNov 13, 2025
    risk 0.31cvss 5.8epss 0.00

    PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, an unauthenticated Local File Inclusion exists in the template-switching feature. If `templateselection` is enabled in the configuration,…

  • CVE-2025-9920MedSep 3, 2025
    risk 0.31cvss 4.7epss 0.00

    A security flaw has been discovered in Campcodes Recruitment Management System 1.0. This impacts the function include of the file /admin/index.php. The manipulation of the argument page results in file inclusion. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2025-53363MedAug 22, 2025
    risk 0.31cvss epss 0.00

    dpanel is an open source server management panel written in Go. In versions 1.2.0 through 1.7.2, dpanel allows authenticated users to read arbitrary files from the server via the /api/app/compose/get-from-uri API endpoint. The vulnerability exists in the GetFromUri function in…