CWE-22— Path Traversal
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.— MITRE CWE catalog
8,753 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-22page 65 of 176
- CVE-2020-26837CRITICALCVSS 9.1EG 9.12020-12-09
SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise confidentiality exposing elements of th…
- CVE-2020-27128MEDIUMCVSS 6.5EG 6.52020-11-06
A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to…
- CVE-2020-27160CRITICALCVSS 9.8EG 9.82020-10-27
Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3).
- CVE-2020-27304CRITICALCVSS 9.8EG 9.82021-10-21
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file u…
- CVE-2020-27385HIGHCVSS 8.1EG 8.12020-11-12
Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory…
- CVE-2020-27467HIGHCVSS 7.5EG 9.02022-02-24
A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php.
- CVE-2020-27514CRITICALCVSS 9.1EG 9.12023-08-11
Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS).
- CVE-2020-27534MEDIUMCVSS 5.3EG 5.32020-12-30
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.
- CVE-2020-27553HIGHCVSS 7.5EG 7.52020-11-17
In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the option “DocumentRoot /etc“. This allows an attacker with network access to the web-server to download any files from the “/etc” fo…
- CVE-2020-27637CRITICALCVSS 9.8EG 9.82021-01-12
The R programming language’s default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. This vulnerability affects packages installed via the R CMD install cli command or the install.pa…
- CVE-2020-27730CRITICALCVSS 9.8EG 9.82020-12-11
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.
- CVE-2020-27859HIGHCVSS 7.5EG 7.52021-01-20
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetEuaLogD…
- CVE-2020-27870MEDIUMCVSS 6.5EG 6.52021-02-10
This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. Authentication is required to exploit this vulnerability. The specific flaw exists within ExportT…
- CVE-2020-27871HIGHCVSS 7.2EG 9.02021-02-10
This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. Although authentication is required to exploit this vulnerability, the existing authentication mechanism …
- CVE-2020-27896MEDIUMCVSS 5.5EG 5.52020-12-08
A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1. A remote attacker may be able to modify the file system.
- CVE-2020-27993MEDIUMCVSS 5.3EG 5.32020-10-29
Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files.
- CVE-2020-27994MEDIUMCVSS 6.5EG 6.52021-02-03
SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal.
- CVE-2020-28187CRITICALCVSS 9.8EG 9.82020-12-24
Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, Event pa…
- CVE-2020-28337HIGHCVSS 7.2EG 7.22021-02-15
A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the crede…
- CVE-2020-28348MEDIUMCVSS 6.5EG 6.52020-11-24
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
- CVE-2020-28374HIGHCVSS 8.1EG 8.12021-01-13
In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka C…
- CVE-2020-28574HIGHCVSS 7.5EG 7.52020-11-18
A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on t…
- CVE-2020-28993HIGHCVSS 7.5EG 7.52020-12-01
A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pico CMTS through 2.0. Successful exploitation of this vulnerability would allow an unauthenticated attacker to retrieve administrator credent…
- CVE-2020-29026CRITICALCVSS 9.0EG 9.02021-02-15
A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects:…
- CVE-2020-29050HIGHCVSS 7.5EG 7.52022-01-10
SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in th…
- CVE-2020-29134HIGHCVSS 8.6EG 8.62021-03-05
The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4
- CVE-2020-29166HIGHCVSS 7.5EG 7.52021-02-03
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure.
- CVE-2020-29373MEDIUMCVSS 6.5EG 6.52020-11-28
An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b3…
- CVE-2020-29453MEDIUMCVSS 5.3EG 9.02021-02-22
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF…
- CVE-2020-29494HIGHCVSS 8.7EG 8.72021-01-14
Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server fil…
- CVE-2020-29495CRITICALCVSS 10.0EG 10.02021-01-14
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS …
- CVE-2020-29529HIGHCVSS 7.5EG 7.52020-12-03
HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.
- CVE-2020-29555HIGHCVSS 8.1EG 8.12021-03-15
The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an un…
- CVE-2020-29556MEDIUMCVSS 5.5EG 5.52021-03-15
The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unau…
- CVE-2020-29600CRITICALCVSS 9.8EG 9.82020-12-07
In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-100…
- CVE-2020-3130MEDIUMCVSS 6.5EG 6.52020-09-23
A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker …
- CVE-2020-3143HIGHCVSS 7.2EG 7.22020-09-23
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directo…
- CVE-2020-3177HIGHCVSS 7.5EG 7.52020-04-15
A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker t…
- CVE-2020-3187CRITICALCVSS 9.1EG 9.12020-05-06
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and …
- CVE-2020-3236MEDIUMCVSS 6.7EG 6.72020-06-18
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacke…
- CVE-2020-3239HIGHCVSS 8.8EG 8.82020-04-15
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more informat…
- CVE-2020-3241MEDIUMCVSS 6.5EG 6.52020-06-18
A vulnerability in the orchestration tasks of Cisco UCS Director could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied i…
- CVE-2020-3247CRITICALCVSS 9.8EG 9.82020-04-15
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more informat…
- CVE-2020-3248CRITICALCVSS 9.8EG 9.82020-04-15
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more informat…
- CVE-2020-3249HIGHCVSS 7.5EG 7.52020-04-15
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more informat…
- CVE-2020-3251HIGHCVSS 8.8EG 8.82020-04-15
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more informat…
- CVE-2020-3252MEDIUMCVSS 6.5EG 6.52020-04-15
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more informat…
- CVE-2020-3365MEDIUMCVSS 4.3EG 4.32020-09-04
A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vuln…
- CVE-2020-3381HIGHCVSS 8.8EG 8.82020-07-16
A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system.…
- CVE-2020-3383HIGHCVSS 8.8EG 8.82020-07-31
A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to a lack of proper inp…
Map vulnerabilities like CWE-22 to your infrastructure
EchelonGraph correlates every CVE — across CWE-22 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →