CWE-22 — Path Traversal
8,243 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE.
CVEs classified under CWE-22 (page 50 of 165)
- CVE-2018-7503 | HIGH | CVSS 7.5 | EG 7.5 | 2018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transver…
- CVE-2018-7539 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-04-17
On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request (such as GET /../../../../../../../../../../../../etc/passwd) to the web server (fuzzd/0.1.1) running the …
- CVE-2018-7586 | HIGH | CVSS 7.5 | EG 7.5 | 2018-03-01
In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured.
- CVE-2018-7654 | MEDIUM | CVSS 6.5 | EG 6.5 | 2018-03-04
On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.
- CVE-2018-7669 | HIGH | CVSS 7.5 | EG 7.5 | 2018-04-27
An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing an attacker to access arbitrary files from the host Operating …
- CVE-2018-7705 | HIGH | CVSS 8.1 | EG 8.1 | 2018-03-15
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. (dot dot) in the filename parameter to secupload2/upload.aspx.
- CVE-2018-7706 | MEDIUM | CVSS 6.5 | EG 6.5 | 2018-03-15
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a .. (dot dot) in the option2 parameter in an attachment action to secmail/getmessage.exe.
- CVE-2018-7719 | HIGH | CVSS 7.5 | EG 9.0 | 2018-03-25
Acrolinx Server before 5.2.5 on Windows allows Directory Traversal.
- CVE-2018-7763 | MEDIUM | CVSS 4.3 | EG 4.3 | 2018-07-03
The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The 'css' parameter contains a directory traversal vulnerability.
- CVE-2018-7764 | MEDIUM | CVSS 4.3 | EG 4.3 | 2018-07-03
The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. There is a directory traversal vulnerability in the processing of the 's' parameter of the applet.
- CVE-2018-7770 | MEDIUM | CVSS 6.5 | EG 6.5 | 2018-07-03
The vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The applet allows callers to select arbitrary files to send to an arbitrary email address.
- CVE-2018-7771 | HIGH | CVSS 8.0 | EG 8.0 | 2018-07-03
The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php…
- CVE-2018-7806 | HIGH | CVSS 8.8 | EG 8.8 | 2018-11-30
Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal …
- CVE-2018-7807 | HIGH | CVSS 8.8 | EG 8.8 | 2018-11-30
Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which cou…
- CVE-2018-7835 | HIGH | CVSS 7.5 | EG 7.5 | 2018-12-24
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user.
- CVE-2018-7933 | HIGH | CVSS 7.8 | EG 7.8 | 2018-05-10
Huawei home gateway products HiRouter-CD20 and WS5200 with the versions before HiRouter-CD20-10 1.9.6 and the versions before WS5200-10 1.9.6 have a path traversal vulnerability. Due to the lack of validation while these home gateway produ…
- CVE-2018-8003 | MEDIUM | CVSS 5.3 | EG 5.3 | 2018-05-03
Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the filesystem of the host the Ambari Server ru…
- CVE-2018-8008 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-06-05
Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, …
- CVE-2018-8009 | HIGH | CVSS 8.8 | EG 8.8 | 2018-11-13
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.
- CVE-2018-8041 | MEDIUM | CVSS 5.3 | EG 5.3 | 2018-09-17
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.
- CVE-2018-8495 | HIGH | CVSS 7.5 | EG 7.5 | 2018-10-10
A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
- CVE-2018-8712 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-03-14
An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Uni…
- CVE-2018-8727 | HIGH | CVSS 7.5 | EG 7.5 | 2018-06-19
Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system to access files or directories via the Web Client webserver.
- CVE-2018-8741 | HIGH | CVSS 8.8 | EG 8.8 | 2018-03-17
A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.
- CVE-2018-8780 | CRITICAL | CVSS 9.1 | EG 9.1 | 2018-04-03
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintention…
- CVE-2018-8889 | MEDIUM | CVSS 4.7 | EG 4.7 | 2018-09-19
A directory traversal vulnerability in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier could allow an attacker to retrieve arbitrary files in the context of a BEMS administrator account.
- CVE-2018-8909 | HIGH | CVSS 7.5 | EG 7.5 | 2018-03-22
The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala.
- CVE-2018-8965 | HIGH | CVSS 7.5 | EG 7.5 | 2018-03-24
An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by del…
- CVE-2018-8968 | HIGH | CVSS 7.5 | EG 7.5 | 2018-03-24
An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database acc…
- CVE-2018-8969 | HIGH | CVSS 7.5 | EG 7.5 | 2018-03-24
An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access …
- CVE-2018-9010 | HIGH | CVSS 7.2 | EG 7.2 | 2018-03-25
Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved vi…
- CVE-2018-9038 | MEDIUM | CVSS 6.5 | EG 6.5 | 2018-04-10
Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request.
- CVE-2018-9074 | MEDIUM | CVSS 6.5 | EG 6.5 | 2018-09-28
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the devic…
- CVE-2018-9109 | CRITICAL | CVSS 9.1 | EG 9.1 | 2018-03-28
Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the …
- CVE-2018-9110 | CRITICAL | CVSS 9.1 | EG 9.1 | 2018-03-28
Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the …
- CVE-2018-9117 | MEDIUM | CVSS 5.3 | EG 5.3 | 2018-03-29
WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal.
- CVE-2018-9118 | HIGH | CVSS 7.5 | EG 7.5 | 2018-04-12
exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter.
- CVE-2018-9159 | MEDIUM | CVSS 5.3 | EG 5.3 | 2018-03-31
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ig…
- CVE-2018-9205 | HIGH | CVSS 7.5 | EG 7.5 | 2018-04-04
Vulnerability in avatar_uploader v7.x-1.0-beta8: the code in view.php doesn't verify users or sanitize the file path.
- CVE-2018-9331 | HIGH | CVSS 7.5 | EG 7.5 | 2018-04-07
An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock.
- CVE-2018-9445 | MEDIUM | CVSS 6.8 | EG 6.8 | 2018-11-06
In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This could lead to local escalation of privilege when mounting a USB device with no additional execution privileges needed. User interaction is …
- CVE-2018-9459 | HIGH | CVSS 8.8 | EG 8.8 | 2018-11-06
In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution priv…
- CVE-2018-9850 | HIGH | CVSS 7.5 | EG 7.5 | 2018-04-08
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request.
- CVE-2018-9851 | HIGH | CVSS 7.5 | EG 7.5 | 2018-04-08
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunctio…
- CVE-2018-9921 | MEDIUM | CVSS 5.3 | EG 5.3 | 2018-04-23
In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksu…
- CVE-2019-0074 | MEDIUM | CVSS 5.5 | EG 5.5 | 2019-10-09
A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to read sensitive system files. This issue onl…
- CVE-2019-0191 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-03-21
Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it do…
- CVE-2019-0194 | HIGH | CVSS 7.5 | EG 7.5 | 2019-04-30
Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may also be affected.
- CVE-2019-0207 | HIGH | CVSS 7.5 | EG 7.5 | 2019-09-16
Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal attack to read any files on Windows pla…
- CVE-2019-0225 | HIGH | CVSS 7.5 | EG 7.5 | 2019-03-28
A specially crafted URL could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.