CWE-22— Path Traversal
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.— MITRE CWE catalog
8,741 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-22page 51 of 175
- CVE-2018-9205HIGHCVSS 7.5EG 7.52018-04-04
Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path.
- CVE-2018-9331HIGHCVSS 7.5EG 7.52018-04-07
An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock.
- CVE-2018-9445MEDIUMCVSS 6.8EG 6.82018-11-06
In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This could lead to local escalation of privilege when mounting a USB device with no additional execution privileges needed. User interaction is …
- CVE-2018-9459HIGHCVSS 8.8EG 8.82018-11-06
In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution priv…
- CVE-2018-9850HIGHCVSS 7.5EG 7.52018-04-08
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request.
- CVE-2018-9851HIGHCVSS 7.5EG 7.52018-04-08
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunctio…
- CVE-2018-9921MEDIUMCVSS 5.3EG 5.32018-04-23
In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksu…
- CVE-2019-0074MEDIUMCVSS 5.5EG 5.52019-10-09
A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to read sensitive system files. This issue onl…
- CVE-2019-0191MEDIUMCVSS 6.5EG 6.52019-03-21
Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it do…
- CVE-2019-0194HIGHCVSS 7.5EG 7.52019-04-30
Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected.
- CVE-2019-0207HIGHCVSS 7.5EG 7.52019-09-16
Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal attack to read any files on Windows pla…
- CVE-2019-0225HIGHCVSS 7.5EG 7.52019-03-28
A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.
- CVE-2019-0226MEDIUMCVSS 4.9EG 4.92019-05-09
Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesy…
- CVE-2019-0887HIGHCVSS 8.0EG 8.02019-07-15
A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
- CVE-2019-1000008MEDIUMCVSS 6.5EG 6.52019-02-04
All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The commands `helm fetch --untar` and `helm lint some.tgz` that can r…
- CVE-2019-1000009MEDIUMCVSS 6.5EG 6.52019-02-04
Helm ChartMuseum version >=0.1.0 and < 0.8.1 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in HTTP API to save charts that can result in a specially crafted chart could be u…
- CVE-2019-10009MEDIUMCVSS 6.5EG 6.52019-06-03
A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can …
- CVE-2019-10038HIGHCVSS 7.8EG 7.82019-05-31
Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file.
- CVE-2019-1010151CRITICALCVSS 9.8EG 9.82019-07-19
zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php.
- CVE-2019-1010205HIGHCVSS 7.5EG 7.52019-07-23
LINAGORA hublin latest (commit 72ead897082403126bf8df9264e70f0a9de247ff) is affected by: Directory Traversal. The impact is: The vulnerability allows an attacker to access any file (with a fixed extension) on the server. The component is: …
- CVE-2019-1010257CRITICALCVSS 9.1EG 9.12019-03-27
An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose…
- CVE-2019-10137HIGHCVSS 8.1EG 9.82019-07-02
A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they hav…
- CVE-2019-10152HIGHCVSS 7.2EG 7.22019-07-30
A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to b…
- CVE-2019-10161HIGHCVSS 7.8EG 7.82019-07-30
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd proces…
- CVE-2019-10167HIGHCVSS 7.8EG 7.82019-08-02
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that pro…
- CVE-2019-10168HIGHCVSS 7.8EG 7.82019-08-02
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libv…
- CVE-2019-10182HIGHCVSS 8.2EG 6.52019-07-31
It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary fi…
- CVE-2019-10185HIGHCVSS 8.6EG 8.62019-07-31
It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to r…
- CVE-2019-10197MEDIUMCVSS 6.5EG 9.12019-09-03
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape …
- CVE-2019-1020001HIGHCVSS 7.5EG 7.52019-07-29
yard before 0.9.20 allows path traversal.
- CVE-2019-10218MEDIUMCVSS 6.5EG 6.52019-11-06
A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside…
- CVE-2019-10220HIGHCVSS 8.8EG 8.82019-11-27
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
- CVE-2019-10242MEDIUMCVSS 5.3EG 5.32019-04-09
In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types.
- CVE-2019-10257HIGHCVSS 7.5EG 7.52019-06-19
Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Unauthenticated users can escape outside of the restricted location (dot-dot-slash notation) to access files or directories that are elsewhere on the system. Through this v…
- CVE-2019-10265HIGHCVSS 7.5EG 7.52019-07-26
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced.do "File Explorer" screen, it is possible to change the directory in the JavaScript code. If changed to (for example) "C:" then one can br…
- CVE-2019-10352MEDIUMCVSS 6.5EG 6.52019-07-17
A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name out…
- CVE-2019-10375MEDIUMCVSS 6.5EG 6.52019-08-07
An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master.
- CVE-2019-10632MEDIUMCVSS 6.5EG 6.52019-04-09
A directory traversal vulnerability in the file browser component on the Zyxel NAS 326 version 5.21 and below allows a lower privileged user to change the location of any other user's files.
- CVE-2019-10717HIGHCVSS 7.1EG 7.12019-07-03
BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter.
- CVE-2019-10719HIGHCVSS 8.8EG 8.82019-06-21
BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an i…
- CVE-2019-10720HIGHCVSS 8.8EG 8.82019-06-21
BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.
- CVE-2019-10743MEDIUMCVSS 5.5EG 5.52019-10-29
All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archi…
- CVE-2019-10765CRITICALCVSS 9.8EG 9.82019-11-20
iobroker.admin before 3.6.12 allows attacker to include file contents from outside the `/log/file1/` directory.
- CVE-2019-10767HIGHCVSS 7.5EG 7.52019-11-21
An attacker can include file contents from outside the `/adapter/xxx/` directory, where `xxx` is the name of an existent adapter like "admin". It is exploited using the administrative web panel with a request for an adapter file. **Note:**…
- CVE-2019-10869HIGHCVSS 8.1EG 8.12019-05-07
Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the i…
- CVE-2019-10934HIGHCVSS 7.8EG 7.82020-01-16
A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15.1 Update 7), TIA Portal V16 (All versions < V16 Update 6), TIA Portal V17 (All versions < V17 Update 4). Changing the contents of a co…
- CVE-2019-10945CRITICALCVSS 9.8EG 9.82019-04-10
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.
- CVE-2019-10985CRITICALCVSS 9.1EG 9.12019-06-28
In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files whil…
- CVE-2019-11013MEDIUMCVSS 6.5EG 9.02019-08-22
Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on…
- CVE-2019-11029HIGHCVSS 7.5EG 7.52019-08-22
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download() method of AutoUpdateService in SMServer.exe, leading to Directory Traversal. An attacker could use ..\ with this method to iterate over lists of interesting system f…
Map vulnerabilities like CWE-22 to your infrastructure
EchelonGraph correlates every CVE — across CWE-22 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →