CWE-23 — Relative Path Traversal
395 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-23 (page 3 of 8)
- CVE-2022-34378 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-09-02
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to d…
- CVE-2022-34836 | MEDIUM | CVSS 5.9 | EG 8.2 | 2022-08-24
Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability coul…
- CVE-2022-36081 | HIGH | CVSS 7.5 | EG 7.5 | 2022-09-07
Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, Wikmd is vulnerable to path traversal when accessing `/list/<path:folderpath>` and discloses lists of files located on the server including sensitive data. Version 1.7.…
- CVE-2022-38202 | HIGH | CVSS 7.5 | EG 7.5 | 2022-12-28
There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below. Successful exploitation may allow a remote, unauthenticated attacker traverse the file system to access files outside of the intended directory on Arc…
- CVE-2022-38205 | HIGH | CVSS 8.6 | EG 7.5 | 2022-12-29
In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated attacker to traverse the file system and lead to the disclosure of sensitive data (not c…
- CVE-2022-39345 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-10-25
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin prior to 2.5.4 is vulnerable to path traversal, which leads to file upload vulnerabilities. Version 2.…
- CVE-2022-4123 | LOW | CVSS 3.3 | EG 3.3 | 2022-12-08
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.
- CVE-2022-41335 | HIGH | CVSS 8.8 | EG 8.1 | 2023-02-16
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2…
- CVE-2022-42470 | HIGH | CVSS 7.8 | EG 7.8 | 2023-04-11
A relative path traversal vulnerability in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specifi…
- CVE-2022-42474 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-06-13
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2…
- CVE-2022-42476 | HIGH | CVSS 8.2 | EG 8.2 | 2023-03-07
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators t…
- CVE-2022-42892 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-11-17
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow directory listing in any folder…
- CVE-2023-0339 | CRITICAL | CVSS 9.1 | EG 9.8 | 2023-02-28
Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1
- CVE-2023-0511 | CRITICAL | CVSS 9.1 | EG 9.8 | 2023-02-28
Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1
- CVE-2023-0745 | MEDIUM | CVSS 6.7 | EG 9.8 | 2023-02-09
The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability…
- CVE-2023-1043 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-02-26
A vulnerability was found in MuYuCMS 2.2. It has been classified as problematic. Affected is an unknown function of the file /editor/index.php. The manipulation of the argument dir_path leads to relative path traversal. It is possible to l…
- CVE-2023-1044 | MEDIUM | CVSS 4.3 | EG 8.8 | 2023-02-26
A vulnerability was found in MuYuCMS 2.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /editor/index.php. The manipulation of the argument file_path leads to relative path trav…
- CVE-2023-1045 | LOW | CVSS 3.8 | EG 8.1 | 2023-02-26
A vulnerability was found in MuYuCMS 2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin.php/accessory/filesdel.html. The manipulation of the argument filedelur leads to relative p…
- CVE-2023-1112 | MEDIUM | CVSS 4.7 | EG 9.8 | 2023-03-01
A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument upload_na…
- CVE-2023-20040 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-01-20
A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vu…
- CVE-2023-20066 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-03-23
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resources that are outside the filesystem mountpoint of the web UI. This vulnerability is due …
- CVE-2023-23379 | HIGH | CVSS 7.8 | EG 6.4 | 2023-02-14
Microsoft Defender for IoT Elevation of Privilege Vulnerability
- CVE-2023-23391 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-03-14
Office for Android Spoofing Vulnerability
- CVE-2023-2356 | HIGH | CVSS 7.5 | EG 9.0 | 2023-04-28
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.
- CVE-2023-23778 | MEDIUM | CVSS 4.9 | EG 6.5 | 2023-02-16
A relative path traversal vulnerability [CWE-23] in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized access to files and data via specifically cra…
- CVE-2023-23784 | MEDIUM | CVSS 5.7 | EG 6.5 | 2023-02-16
A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to information disclosure via specially crafted web requests.
- CVE-2023-27993 | MEDIUM | CVSS 6.0 | EG 6.0 | 2023-05-03
A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands.
- CVE-2023-2913 | HIGH | CVSS 7.5 | EG 7.5 | 2023-07-18
An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal…
- CVE-2023-29189 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-04-11
SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is expos…
- CVE-2023-30630 | HIGH | CVSS 7.1 | EG 7.8 | 2023-04-13
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately add…
- CVE-2023-31036 | HIGH | CVSS 7.5 | EG 7.5 | 2024-01-12
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path tra…
- CVE-2023-33144 | MEDIUM | CVSS 6.6 | EG 6.6 | 2023-06-14
Visual Studio Code Spoofing Vulnerability
- CVE-2023-34117 | LOW | CVSS 3.3 | EG 3.3 | 2023-07-11
Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access.
- CVE-2023-34394 | HIGH | CVSS 7.8 | EG 7.8 | 2023-07-19
In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local priv…
- CVE-2023-34990 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-12-18
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests.
- CVE-2023-3512 | HIGH | CVSS 7.5 | EG 7.5 | 2023-10-04
Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the "Download file…
- CVE-2023-35359 | HIGH | CVSS 7.8 | EG 7.8 | 2023-08-08
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2023-35816 | LOW | CVSS 3.5 | EG 3.5 | 2025-04-28
DevExpress before 23.1.3 allows arbitrary TypeConverter conversion.
- CVE-2023-3701 | CRITICAL | CVSS 9.9 | EG 9.9 | 2023-10-04
Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. By exploiting this vulnerability, an authenticated non privileged user could access/modify stored resources of other users. It could also be possible…
- CVE-2023-37288 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-07-10
SmartBPM.NET component has a vulnerability of path traversal within its file download function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files.
- CVE-2023-37913 | CRITICAL | CVSS 9.9 | EG 9.9 | 2023-10-25
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially craf…
- CVE-2023-38185 | HIGH | CVSS 8.8 | EG 8.8 | 2023-08-08
Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2023-3940 | HIGH | CVSS 7.5 | EG 7.5 | 2024-05-21
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to access any file on the system. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly ot…
- CVE-2023-3941 | CRITICAL | CVSS 10.0 | EG 10.0 | 2024-05-21
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR…
- CVE-2023-40714 | CRITICAL | CVSS 9.9 | EG 9.9 | 2025-04-02
A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements
- CVE-2023-42456 | LOW | CVSS 3.1 | EG 3.1 | 2023-09-21
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a c…
- CVE-2023-42783 | HIGH | CVSS 7.5 | EG 7.5 | 2023-11-14
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.2 through 8.4.0 and 8.3.2 through 8.3.0 and 8.2.2 allows attacker to read arbitrary files via crafted http requests.
- CVE-2023-42791 | HIGH | CVSS 8.8 | EG 8.8 | 2024-02-20
A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP re…
- CVE-2023-46119 | HIGH | CVSS 7.5 | EG 7.5 | 2023-10-25
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1.
- CVE-2023-4760 | HIGH | CVSS 7.6 | EG 7.6 | 2023-09-21
In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUp…