CWE-22— Path Traversal
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.— MITRE CWE catalog
8,742 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-22page 56 of 175
- CVE-2019-19141HIGHCVSS 8.8EG 8.82019-12-19
The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This allows remote code execution via a vari…
- CVE-2019-19229MEDIUMCVSS 6.5EG 6.52019-12-04
admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allows action=download&filename= Directory Traversal.
- CVE-2019-19264HIGHCVSS 7.5EG 7.52019-12-17
In Simplifile RecordFusion through 2019-11-25, the logs and hist parameters allow remote attackers to access local files via a logger/logs?/../ or logger/hist?/../ URI.
- CVE-2019-19290MEDIUMCVSS 6.5EG 6.52020-03-10
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The DOWNLOADS section in the web interface of the Control Center Server (CCS) contains a path traversal vulnerability that could allow an authentic…
- CVE-2019-19296MEDIUMCVSS 6.8EG 6.82020-03-10
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiVMS/SiNVR Video Server contain a path traversal vulnerability that could allow an au…
- CVE-2019-19297HIGHCVSS 7.5EG 7.52020-03-10
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a path traversal vulnerability, that could allow an unauthentic…
- CVE-2019-19372HIGHCVSS 7.5EG 7.52019-11-28
A downloadFile.php download_file path traversal vulnerability in rConfig through 3.9.3 allows attackers to list files in arbitrary folders and potentially download files. NOTE: the discoverer later reported that there was not a "fully work…
- CVE-2019-19374CRITICALCVSS 9.1EG 9.12019-12-11
An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior t…
- CVE-2019-19458HIGHCVSS 8.6EG 8.62019-12-03
SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature.
- CVE-2019-19459CRITICALCVSS 9.8EG 9.82019-12-03
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows …
- CVE-2019-19486MEDIUMCVSS 6.5EG 6.52020-03-20
Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to traverse paths via a plugin test.
- CVE-2019-1952MEDIUMCVSS 6.7EG 6.72019-08-08
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. …
- CVE-2019-19628CRITICALCVSS 9.8EG 9.82020-01-05
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions.
- CVE-2019-19683CRITICALCVSS 9.1EG 9.12019-12-09
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs.
- CVE-2019-19731HIGHCVSS 7.5EG 7.52019-12-16
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows sho…
- CVE-2019-19781CRITICALCVSS 9.8EG 9.8⚠ KEV2019-12-27
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
- CVE-2019-19790CRITICALCVSS 9.8EG 9.82019-12-13
Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: Ra…
- CVE-2019-19834HIGHCVSS 7.2EG 7.22020-01-22
Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter.
- CVE-2019-19845MEDIUMCVSS 5.3EG 5.32019-12-18
In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.
- CVE-2019-19848HIGHCVSS 7.2EG 7.22019-12-17
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privil…
- CVE-2019-19877MEDIUMCVSS 5.3EG 5.32020-11-27
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, a different vulnerabili…
- CVE-2019-19893HIGHCVSS 7.5EG 7.52020-01-23
In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\SYSTEM.
- CVE-2019-20085HIGHCVSS 7.5EG 9.0⚠ KEV2019-12-30
TVT NVMS-1000 devices allow GET /.. Directory Traversal
- CVE-2019-20354MEDIUMCVSS 4.3EG 4.32020-01-06
The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user) to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this i…
- CVE-2019-20851CRITICALCVSS 9.1EG 9.12020-06-19
An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device.
- CVE-2019-20916HIGHCVSS 7.5EG 7.52020-09-04
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys fil…
- CVE-2019-25053HIGHCVSS 7.5EG 7.52023-01-27
A path traversal vulnerability exists in Sage FRP 1000 before November 2019. This allows remote unauthenticated attackers to access files outside of the web tree via a crafted URL.
- CVE-2019-25073HIGHCVSS 7.5EG 7.52022-12-27
Improper path sanitization in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allow remote attackers to read files outside of the intended directory.
- CVE-2019-25087MEDIUMCVSS 5.3EG 7.52022-12-27
A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler. The manipulation of the argument uri l…
- CVE-2019-25097MEDIUMCVSS 5.5EG 9.82023-01-05
A vulnerability was found in soerennb eXtplorer up to 2.1.12 and classified as critical. Affected by this issue is some unknown functionality of the component Directory Content Handler. The manipulation leads to path traversal. Upgrading t…
- CVE-2019-25098MEDIUMCVSS 5.5EG 9.82023-01-05
A vulnerability was found in soerennb eXtplorer up to 2.1.12. It has been classified as critical. This affects an unknown part of the file include/archive.php of the component Archive Handler. The manipulation leads to path traversal. Upgr…
- CVE-2019-25099MEDIUMCVSS 5.5EG 5.32023-01-06
A vulnerability classified as critical was found in Arthmoor QSF-Portal. This vulnerability affects unknown code of the file index.php. The manipulation of the argument a leads to path traversal. The patch is identified as ea4f61e23ecb8324…
- CVE-2019-25213CRITICALCVSS 9.8EG 9.82024-10-16
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attacker…
- CVE-2019-25246HIGHCVSS 8.8EG 8.82025-12-24
Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability that allows attackers to read arbitrary system files via the 'READ.filePath' parameter. Attackers can exploit the fileread script or SendCGICMD …
- CVE-2019-25256MEDIUMCVSS 6.5EG 6.52025-12-24
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts…
- CVE-2019-25258HIGHCVSS 7.5EG 7.52025-12-24
LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traver…
- CVE-2019-25295MEDIUMCVSS 6.5EG 6.52026-01-08
The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a whitelisted type on an affected site.
- CVE-2019-25333HIGHCVSS 7.5EG 7.52026-02-12
Bullwark Momentum Series JAWS 1.0 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP request paths. Attackers can exploit the vulnerability by sending crafted GET …
- CVE-2019-25352HIGHCVSS 7.5EG 7.52026-02-18
Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. Attackers can use multiple '../' sequences to navigate outside the web root a…
- CVE-2019-25471CRITICALCVSS 9.8EG 9.82026-03-11
FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files by sending ZIP archives through the ft2.php endpoint. Attackers can upload ZIP files containing PHP shells, use the unzip fun…
- CVE-2019-25480HIGHCVSS 7.5EG 7.52026-03-11
ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. Attackers can upload PHP files with t…
- CVE-2019-25577MEDIUMCVSS 5.5EG 5.52026-03-21
SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/b…
- CVE-2019-25610MEDIUMCVSS 6.5EG 6.52026-03-22
NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the path parameter wi…
- CVE-2019-25671HIGHCVSS 8.8EG 8.82026-04-05
VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtu_eth0 parameter. Attackers can send POST requests to the changeip.p…
- CVE-2019-25687CRITICALCVSS 9.8EG 9.82026-04-05
Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to …
- CVE-2019-25727CRITICALCVSS 9.8EG 9.82026-06-04
WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php e…
- CVE-2019-25734MEDIUMCVSS 4.0EG 4.02026-06-04
Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanitized action parameters. Attackers can cr…
- CVE-2019-25740MEDIUMCVSS 6.5EG 6.52026-06-04
Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requests to the job.savejob task with path t…
- CVE-2019-3394HIGHCVSS 8.8EG 8.82019-08-29
There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under <ins…
- CVE-2019-3396CRITICALCVSS 9.8EG 9.8⚠ KEV2019-03-25
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x…
Map vulnerabilities like CWE-22 to your infrastructure
EchelonGraph correlates every CVE — across CWE-22 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →