CWE-22— Path Traversal

The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.

The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is po…

TorchServe is a tool for serving and scaling PyTorch models in production. Starting in version 0.1.0 and prior to version 0.9.0, using the model/workflow management API, there is a chance of uploading potentially harmful archives that cont…

ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system fil…

Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.

Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file ex…

Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with…

NetVision Information airPASS has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.

Multisuns EasyLog web+ has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.

An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path.

SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file…

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of th…

Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with spe…

Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7.47.1.

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the…

Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component.

A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. A…

** UNSUPPORTED WHEN ASSIGNED ** The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing…

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spoonthemes Adifier System allows PHP Local File Inclusion.This issue affects Adifier System: from n/a before 3.1.4.

Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versi…

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of `CodeChecker store` are not properly sanitized. An attacker, using a path t…

Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the `get_pfp` and `get_banner` routes on Auth Server. The issue is that there is no check to ensure that t…

Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files.

In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vulnerability in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter in requests to the /upload endp…

Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User …

Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite…

Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening …

Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contains an arbitrary file read in /system/backup/download/ endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file fu…

Bazarr manages and downloads subtitles. Prior to 1.3.1, the /api/swaggerui/static endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file …

JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.

MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled name value, which is used in a temporary file name, wh…

Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AGILELOGIX Store Locator WordPress.This issue affects Store Locator WordPress: from n/a through 1.4.14.

Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by…

IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777.

Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal.This issue affects Workforce Access: before 8.7.

The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as `wp-config.php`

FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents…

An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extr…

The JSON datasource plugin ( https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ ) is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint (including a specif…

Directory Traversal vulnerability in dagster-webserver Dagster thru 1.5.11 allows remote attackers to obtain sensitive information via crafted request to the /logs endpoint. This may be restricted to certain file names that start with a do…

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have…

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have…

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have…

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal.This issue affects Ultimate Addons for Beaver Builder: from …

A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerabi…

Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the…

Honeywell Saia PG5 Controls Suite Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interactio…

Honeywell Saia PG5 Controls Suite CAB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite…