CWE-22— Path Traversal
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.— MITRE CWE catalog
8,741 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-22page 50 of 175
- CVE-2018-7212MEDIUMCVSS 5.3EG 5.32018-02-18
An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters.
- CVE-2018-7296MEDIUMCVSS 5.3EG 5.32018-02-22
Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's filesystem. This vulnerability can be explo…
- CVE-2018-7300CRITICALCVSS 9.8EG 9.82018-02-22
Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability …
- CVE-2018-7422HIGHCVSS 7.5EG 9.02018-03-19
A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php…
- CVE-2018-7431MEDIUMCVSS 6.5EG 6.52018-10-23
Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 a…
- CVE-2018-7434MEDIUMCVSS 5.3EG 5.32018-02-24
zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php.
- CVE-2018-7442CRITICALCVSS 9.1EG 9.12018-02-23
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite.
- CVE-2018-7467HIGHCVSS 7.5EG 7.52018-02-27
AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI.
- CVE-2018-7482HIGHCVSS 7.5EG 7.52018-02-28
The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 r…
- CVE-2018-7486HIGHCVSS 7.2EG 7.22018-02-26
Blue River Mura CMS before v7.0.7029 supports inline function calls with an [m] tag and [/m] end tag, without proper restrictions on file types or pathnames, which allows remote attackers to execute arbitrary code via an [m]$.dspinclude(".…
- CVE-2018-7490HIGHCVSS 7.5EG 9.02018-02-26
uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.
- CVE-2018-7495HIGHCVSS 7.5EG 7.52018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external con…
- CVE-2018-7503HIGHCVSS 7.5EG 7.52018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transver…
- CVE-2018-7539CRITICALCVSS 9.8EG 9.82018-04-17
On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request (such as GET /../../../../../../../../../../../../etc/passwd) to the web server (fuzzd/0.1.1) running the …
- CVE-2018-7586HIGHCVSS 7.5EG 7.52018-03-01
In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured.
- CVE-2018-7654MEDIUMCVSS 6.5EG 6.52018-03-04
On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.
- CVE-2018-7669HIGHCVSS 7.5EG 7.52018-04-27
An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing an attacker to access arbitrary files from the host Operating …
- CVE-2018-7705HIGHCVSS 8.1EG 8.12018-03-15
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. (dot dot) in the filename parameter to secupload2/upload.aspx.
- CVE-2018-7706MEDIUMCVSS 6.5EG 6.52018-03-15
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a .. (dot dot) in the option2 parameter in an attachment action to secmail/getmessage.exe.
- CVE-2018-7719HIGHCVSS 7.5EG 9.02018-03-25
Acrolinx Server before 5.2.5 on Windows allows Directory Traversal.
- CVE-2018-7763MEDIUMCVSS 4.3EG 4.32018-07-03
The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The 'css' parameter contains a directory traversal vulnerability.
- CVE-2018-7764MEDIUMCVSS 4.3EG 4.32018-07-03
The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. There is a directory traversal vulnerability in the processing of the 's' parameter of the applet.
- CVE-2018-7770MEDIUMCVSS 6.5EG 6.52018-07-03
The vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The applet allows callers to select arbitrary files to send to an arbitrary email address.
- CVE-2018-7771HIGHCVSS 8.0EG 8.02018-07-03
The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php…
- CVE-2018-7806HIGHCVSS 8.8EG 8.82018-11-30
Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal …
- CVE-2018-7807HIGHCVSS 8.8EG 8.82018-11-30
Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which cou…
- CVE-2018-7835HIGHCVSS 7.5EG 7.52018-12-24
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user.
- CVE-2018-7933HIGHCVSS 7.8EG 7.82018-05-10
Huawei home gateway products HiRouter-CD20 and WS5200 with the versions before HiRouter-CD20-10 1.9.6 and the versions before WS5200-10 1.9.6 have a path traversal vulnerability. Due to the lack of validation while these home gateway produ…
- CVE-2018-8003MEDIUMCVSS 5.3EG 5.32018-05-03
Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the filesystem of the host the Ambari Server ru…
- CVE-2018-8008MEDIUMCVSS 5.5EG 5.52018-06-05
Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, …
- CVE-2018-8009HIGHCVSS 8.8EG 8.82018-11-13
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.
- CVE-2018-8041MEDIUMCVSS 5.3EG 5.32018-09-17
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.
- CVE-2018-8495HIGHCVSS 7.5EG 7.52018-10-10
A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
- CVE-2018-8712CRITICALCVSS 9.8EG 9.82018-03-14
An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Uni…
- CVE-2018-8727HIGHCVSS 7.5EG 7.52018-06-19
Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system to access files or directories via the Web Client webserver.
- CVE-2018-8741HIGHCVSS 8.8EG 8.82018-03-17
A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.
- CVE-2018-8780CRITICALCVSS 9.1EG 9.12018-04-03
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintention…
- CVE-2018-8889MEDIUMCVSS 4.7EG 4.72018-09-19
A directory traversal vulnerability in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier could allow an attacker to retrieve arbitrary files in the context of a BEMS administrator account.
- CVE-2018-8909HIGHCVSS 7.5EG 7.52018-03-22
The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala.
- CVE-2018-8965HIGHCVSS 7.5EG 7.52018-03-24
An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by del…
- CVE-2018-8968HIGHCVSS 7.5EG 7.52018-03-24
An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database acc…
- CVE-2018-8969HIGHCVSS 7.5EG 7.52018-03-24
An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access …
- CVE-2018-9010HIGHCVSS 7.2EG 7.22018-03-25
Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved vi…
- CVE-2018-9038MEDIUMCVSS 6.5EG 6.52018-04-10
Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request.
- CVE-2018-9074MEDIUMCVSS 6.5EG 6.52018-09-28
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the devic…
- CVE-2018-9109CRITICALCVSS 9.1EG 9.12018-03-28
Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the …
- CVE-2018-9110CRITICALCVSS 9.1EG 9.12018-03-28
Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the …
- CVE-2018-9117MEDIUMCVSS 5.3EG 5.32018-03-29
WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal.
- CVE-2018-9118HIGHCVSS 7.5EG 7.52018-04-12
exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter.
- CVE-2018-9159MEDIUMCVSS 5.3EG 5.32018-03-31
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ig…
Map vulnerabilities like CWE-22 to your infrastructure
EchelonGraph correlates every CVE — across CWE-22 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →