CWE-22— Path Traversal
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.— MITRE CWE catalog
8,740 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-22page 48 of 175
- CVE-2018-20470HIGHCVSS 7.5EG 7.52019-06-17
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files.
- CVE-2018-20525CRITICALCVSS 9.1EG 7.52019-03-21
Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.
- CVE-2018-20566MEDIUMCVSS 5.3EG 5.32018-12-28
An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page.
- CVE-2018-20604MEDIUMCVSS 4.9EG 4.92018-12-30
Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of ..* in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/*web*..*..*..*..*1.txt.html URI to read the 1.txt file.
- CVE-2018-20610MEDIUMCVSS 4.9EG 4.92018-12-30
imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter.
- CVE-2018-20626MEDIUMCVSS 6.5EG 6.52019-03-21
PHP Scripts Mall Consumer Reviews Script 4.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.
- CVE-2018-20628HIGHCVSS 7.5EG 7.52019-03-21
PHP Scripts Mall Charity Foundation Script 1 through 3 allows directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.
- CVE-2018-20629MEDIUMCVSS 5.3EG 5.32019-03-21
PHP Scripts Mall Charity Donation Script readymadeb2bscript has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.
- CVE-2018-20630MEDIUMCVSS 5.3EG 5.32019-03-21
PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.
- CVE-2018-20631MEDIUMCVSS 5.3EG 5.32019-03-21
PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file.
- CVE-2018-20635MEDIUMCVSS 4.3EG 4.32019-03-21
PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.
- CVE-2018-20638MEDIUMCVSS 6.5EG 6.52019-03-21
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.
- CVE-2018-20643MEDIUMCVSS 6.5EG 6.52019-03-21
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.
- CVE-2018-20646MEDIUMCVSS 6.5EG 6.52019-03-21
PHP Scripts Mall Basic B2B Script 2.0.9 has has directory traversal via a direct request for a listing of an image directory such as an uploads/ directory.
- CVE-2018-20647MEDIUMCVSS 6.5EG 6.52019-03-21
PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory.
- CVE-2018-20714HIGHCVSS 8.1EG 8.12019-01-15
The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and the…
- CVE-2018-20769HIGHCVSS 7.5EG 7.52019-02-10
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is a Local File Inclusion vulnerabili…
- CVE-2018-20789HIGHCVSS 7.5EG 7.52019-02-25
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php.
- CVE-2018-20790HIGHCVSS 7.5EG 7.52019-02-25
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass through the delete_file action in execute.php.
- CVE-2018-20792HIGHCVSS 7.5EG 7.52019-02-25
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the get_file action in ajax_calls.php.
- CVE-2018-20793HIGHCVSS 7.5EG 7.52019-02-25
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php.
- CVE-2018-20794HIGHCVSS 7.5EG 7.52019-02-25
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php.
- CVE-2018-20795HIGHCVSS 7.5EG 7.52019-02-25
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php.
- CVE-2018-2366MEDIUMCVSS 4.3EG 4.32018-03-14
SAP Business Process Automation (BPA) By Redwood, 9.0, 9.1, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the …
- CVE-2018-2367HIGHCVSS 8.8EG 8.82018-03-01
ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traver…
- CVE-2018-2380MEDIUMCVSS 6.6EG 9.0⚠ KEV2018-03-01
SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
- CVE-2018-25046CRITICALCVSS 9.1EG 9.12022-12-27
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
- CVE-2018-25048HIGHCVSS 8.8EG 8.82023-03-23
The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
- CVE-2018-25059LOWCVSS 3.5EG 3.52022-12-30
A vulnerability was found in pastebinit up to 0.2.2 and classified as problematic. Affected by this issue is the function pasteHandler of the file server.go. The manipulation of the argument r.URL.Path leads to path traversal. Upgrading to…
- CVE-2018-25094LOWCVSS 3.5EG 3.52023-12-03
A vulnerability was found in ระบบบัญชีออนไลน์ Online Accounting System up to 1.4.0 and classified as problematic. This issue affects some unknown processing of the file ckeditor/filemanager/browser/default/i…
- CVE-2018-25113HIGHCVSS 8.7EG 8.72025-07-23
An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request …
- CVE-2018-25124HIGHCVSS 8.7EG 8.72025-11-10
PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary …
- CVE-2018-25144HIGHCVSS 8.4EG 5.52025-12-24
Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', '…
- CVE-2018-25181HIGHCVSS 7.5EG 7.52026-03-06
Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter …
- CVE-2018-25184MEDIUMCVSS 6.2EG 6.22026-03-06
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content …
- CVE-2018-25194HIGHCVSS 8.2EG 8.22026-03-06
Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. Attackers can send POST requests to the login/checklogi…
- CVE-2018-25308HIGHCVSS 8.8EG 8.82026-04-29
BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the field_hiddenfile and …
- CVE-2018-25311MEDIUMCVSS 6.5EG 6.52026-04-29
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Att…
- CVE-2018-25312MEDIUMCVSS 6.5EG 6.52026-04-29
LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities that allow authenticated attackers to download and upload arbitrary files by manipulating path parameters in the smartgui interface. Attackers can exploit the upload endp…
- CVE-2018-25325HIGHCVSS 7.5EG 7.52026-05-17
Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX action. Attackers can craft POST request…
- CVE-2018-25326HIGHCVSS 7.5EG 7.52026-05-17
Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name parameter. Attackers can send POST requests to…
- CVE-2018-25365HIGHCVSS 7.5EG 7.52026-05-25
PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../…
- CVE-2018-25374HIGHCVSS 7.5EG 7.52026-05-25
Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with en…
- CVE-2018-25393MEDIUMCVSS 6.5EG 6.52026-05-29
Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigate_download.php…
- CVE-2018-25408HIGHCVSS 7.5EG 7.52026-05-30
The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory …
- CVE-2018-25421MEDIUMCVSS 6.5EG 6.52026-05-30
Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules/backup/actions.php with op=getfile and …
- CVE-2018-3710HIGHCVSS 7.8EG 7.82018-03-21
Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution.
- CVE-2018-3712MEDIUMCVSS 6.5EG 6.52018-06-07
serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path.
- CVE-2018-3713MEDIUMCVSS 6.5EG 6.52018-06-07
angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path.
- CVE-2018-3714MEDIUMCVSS 6.5EG 6.52018-06-07
node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.
Map vulnerabilities like CWE-22 to your infrastructure
EchelonGraph correlates every CVE — across CWE-22 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →