CWE-22— Path Traversal
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.— MITRE CWE catalog
8,742 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-22page 55 of 175
- CVE-2019-16985MEDIUMCVSS 6.5EG 6.52019-10-21
In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system.
- CVE-2019-16986MEDIUMCVSS 6.5EG 6.52019-10-21
In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. (resources\secure_download.php is also affected.)
- CVE-2019-16990MEDIUMCVSS 6.5EG 6.52019-10-21
In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it.
- CVE-2019-17073MEDIUMCVSS 6.5EG 6.52019-10-01
emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal.
- CVE-2019-17109MEDIUMCVSS 6.5EG 6.52019-10-09
Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation.
- CVE-2019-1717HIGHCVSS 7.5EG 7.52019-05-15
A vulnerability in the web-based management interface of Cisco Video Surveillance Manager could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to improper validation of parameters handle…
- CVE-2019-17175HIGHCVSS 7.5EG 7.52019-10-04
joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path traversal.
- CVE-2019-17180HIGHCVSS 7.8EG 7.82019-10-04
Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevati…
- CVE-2019-17187HIGHCVSS 7.5EG 7.52019-10-08
/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files.
- CVE-2019-17199HIGHCVSS 7.5EG 7.52019-10-05
www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring.
- CVE-2019-17224MEDIUMCVSS 5.3EG 5.32019-10-28
The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of th…
- CVE-2019-17311HIGHCVSS 8.8EG 8.82019-10-07
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user.
- CVE-2019-17312HIGHCVSS 8.8EG 8.82019-10-07
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user.
- CVE-2019-17313HIGHCVSS 8.8EG 8.82019-10-07
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user.
- CVE-2019-17314HIGHCVSS 7.2EG 7.22019-10-07
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user.
- CVE-2019-17322MEDIUMCVSS 6.5EG 6.52019-10-30
ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation via a POST request with the parameter set to the file path to be written. This can be an executable file that is written to in the arbitrary directory. User inte…
- CVE-2019-17324MEDIUMCVSS 6.5EG 6.52019-10-30
ClipSoft REXPERT 1.0.0.527 and earlier version allows directory traversal by issuing a special HTTP POST request with ../ characters. This could lead to create malicious HTML file, because they can inject a content with crafted template. U…
- CVE-2019-17327HIGHCVSS 7.2EG 7.22019-11-08
JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory traversal vulnerability caused by improper input parameter check when uploading installation file in administration web page. That leads remote attacker to execute arbitrary co…
- CVE-2019-17399CRITICALCVSS 9.8EG 9.82019-10-09
The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment.
- CVE-2019-17404MEDIUMCVSS 4.3EG 4.32019-11-25
Nokia IMPACT < 18A: allows full path disclosure
- CVE-2019-17406MEDIUMCVSS 5.3EG 5.32019-11-25
Nokia IMPACT < 18A has path traversal that may lead to RCE if chained with CVE-2019-1743
- CVE-2019-17537HIGHCVSS 7.5EG 7.52019-10-13
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring.
- CVE-2019-17538HIGHCVSS 7.5EG 9.02019-10-13
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring.
- CVE-2019-17572MEDIUMCVSS 5.3EG 5.32020-05-14
In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the pa…
- CVE-2019-17640CRITICALCVSS 9.8EG 9.82020-10-15
In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Ope…
- CVE-2019-1765HIGHCVSS 8.1EG 6.52019-03-22
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability …
- CVE-2019-17662CRITICALCVSS 9.8EG 9.82019-10-16
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is s…
- CVE-2019-1785HIGHCVSS 7.8EG 7.82019-04-08
A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulne…
- CVE-2019-1818MEDIUMCVSS 6.5EG 6.52019-05-16
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the applicati…
- CVE-2019-18187HIGHCVSS 7.5EG 9.0⚠ KEV2019-10-28
Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could poten…
- CVE-2019-18189CRITICALCVSS 9.8EG 9.82019-10-28
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root…
- CVE-2019-1819MEDIUMCVSS 6.5EG 6.52019-05-16
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the applicati…
- CVE-2019-1820MEDIUMCVSS 6.5EG 6.52019-05-16
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the applicati…
- CVE-2019-18212MEDIUMCVSS 6.5EG 6.52019-10-23
XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via…
- CVE-2019-18253CRITICALCVSS 10.0EG 10.02019-11-27
An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory.
- CVE-2019-18338HIGHCVSS 7.7EG 7.72019-12-12
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on port…
- CVE-2019-1835MEDIUMCVSS 4.4EG 4.42019-04-18
A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in speci…
- CVE-2019-1836HIGHCVSS 7.1EG 7.12019-05-03
A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to use symbolic links to overwrite system files. These system fil…
- CVE-2019-18371HIGHCVSS 7.5EG 9.02019-10-23
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/c…
- CVE-2019-18393MEDIUMCVSS 5.3EG 5.32019-10-24
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
- CVE-2019-1854MEDIUMCVSS 4.1EG 4.12019-05-03
A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input val…
- CVE-2019-18665HIGHCVSS 7.5EG 7.52019-11-02
The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion.
- CVE-2019-18870MEDIUMCVSS 6.5EG 6.52020-05-07
A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine.
- CVE-2019-18871HIGHCVSS 8.8EG 8.82020-05-07
A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution.
- CVE-2019-18922HIGHCVSS 7.5EG 9.02019-11-29
A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product.
- CVE-2019-18924MEDIUMCVSS 5.3EG 5.32019-11-12
Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ (and variations), it is possible to list all the directories and check if a particular file exists.
- CVE-2019-18951HIGHCVSS 7.5EG 7.52019-11-13
SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files.
- CVE-2019-18978MEDIUMCVSS 5.3EG 5.32019-11-14
An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.
- CVE-2019-19088CRITICALCVSS 9.8EG 9.82020-01-03
Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal.
- CVE-2019-19102MEDIUMCVSS 5.5EG 5.52020-04-29
A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directories. The vulnerability is also known as z…
Map vulnerabilities like CWE-22 to your infrastructure
EchelonGraph correlates every CVE — across CWE-22 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →