Przykłady dla CWE-22: Improper Limitation of a Pathname to a Restricted Directory...

	Tytuł	Data	Autor
High	OpenClinic GA 5.247.01 Path Traversal (Authenticated)	15.04.2024	V. B.
Med.	BioTime Directory Traversal / Remote Code Execution	01.04.2024	w3bd3vil
Med.	TYPO3 11.5.24 Path Traversal (Authenticated)	20.03.2024	Saeed reza Zamanian
Med.	Automatic-Systems SOC FL9600 FastLine Directory Traversal	27.02.2024	Marcin Kozlowski
Med.	TYPO3 11.5.24 Path Traversal	20.12.2023	Saeed reza Zamanian
Med.	WordPress AI ChatBot 4.8.9 SQL Injection / Traversal / File Deletion	27.10.2023	Marco Wotschka
Med.	Automatic-Systems SOC FL9600 FastLine - Directory Transversal	17.10.2023	Cqure
Med.	Minio 2022-07-29T19-40-48Z Path Traversal	10.10.2023	Jenson Zhao
Med.	TECHView LA5570 Wireless Gateway 1.0.19_T53 Traversal / Privilege Escalation	09.09.2023	The Security Team
Med.	TP-Link TL-WR740N Directory Traversal	21.07.2023	Anish Feroz
Med.	Thruk Monitoring Web Interface 3.06 Path Traversal	10.06.2023	Galoget Latorre
Med.	CloudPanel 2.2.2 Privilege Escalation / Path Traversal	07.06.2023	EagleEye
High	Mitel MiCollab AWV 8.1.2.4 / 9.1.3 Directory Traversal / LFI	06.04.2023	Kahvi-0
High	Device Manager Express 7.8.20002.47752 SQL Injection / XSS / Code Execution / Traversal	24.02.2023	Eric Flokstra
Med.	py7zr 0.20.0 Directory Traversal	07.12.2022	Matteo Cosentino
Med.	Drupal H5P Module 2.0.0 Zip Slip Traversal	05.12.2022	EgiX
Med.	Payara Platform Path Traversal	15.11.2022	Michael Baer
Med.	Carel pCOWeb HVAC BACnet Gateway 2.1.0 Directory Traversal	12.11.2022	LiquidWorm
Med.	AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 Path Traversal	12.11.2022	Jens Regel
Med.	Webile 1.0.1 Directory Traversal	17.10.2022	Vulnerability Laborato...
High	Owlfiles File Manager 12.0.1 Path Traversal / Local File Inclusion	20.09.2022	Chokri Hammedi
Med.	FTPManager 8.2 Local File Inclusion / Directory Traversal	07.09.2022	Chokri Hammedi
Med.	Zimbra Zip Path Traversal	24.08.2022	Ron Bowes
Med.	CuteEditor For PHP 6.6 Directory Traversal	08.08.2022	Stefan Hesselman
High	Zimbra UnRAR Path Traversal	08.08.2022	Ron Bowes
Med.	Omnia MPX 1.5.0+r1 Path Traversal	02.08.2022	Momen Eldawakhly
Med.	uftpd 2.10 Directory Traversal	02.08.2022	Aaron Esau
Med.	Carel pCOWeb HVAC BACnet Gateway 2.1.0 Unauthenticated Directory Traversal	04.07.2022	LiquidWorm
Med.	SAP FRUN Simple Diagnostics Agent 1.0 Directory Traversal	22.06.2022	Yvan Genuer
Med.	SolarView Compact 6.00 Directory Traversal	04.06.2022	Ahmed Alroky
Low	WordPress User Meta Lite / Pro 2.4.3 Path Traversal	31.05.2022	Julien Ahrens
Med.	Bookeen Notea Directory Traversal	29.05.2022	Clement MAILLIOUX
Med.	Barco Control Room Management Suite Directory Traversal	04.04.2022	Murat Aydemir
Med.	IdeaRE RefTree Path Traversal	31.03.2022	Savino Sisco
Med.	Joomla! 4.1.0 Zip Slip File Overwrite / Path Traversal	30.03.2022	EgiX
Med.	Xerte 3.10.3 Directory Traversal	02.03.2022	Rik Lutz
Med.	Kyocera Command Center RX ECOSYS M2035dn Directory Traversal File Disclosure (Unauthenticated)	14.02.2022	Luis Martinez
Med.	Kyocera Command Center RX ECOSYS M2035dn Directory Traversal	12.02.2022	Luis Martinez
Med.	Ethercreative Logs 3.0.3 Path Traversal	26.01.2022	Steffen Rogge
Med.	CoreFTP Server Build 725 Directory Traversal	10.01.2022	LiamInfosec
Med.	Grafana 8.3.0 Directory Traversal / Arbitrary File Read	09.12.2021	s1gh
High	Aviatrix Controller 6.x Path Traversal / Code Execution	11.10.2021	0xJoyGhosh
Med.	Apache HTTP Server 2.4.49 Path Traversal	06.10.2021	Lucas Souza
Med.	ECOA Building Automation System Directory Traversal	13.09.2021	Neurogenesia
Med.	Umbraco CMS 8.9.1 Path traversal and Arbitrary File Write (Authenticated)	13.09.2021	BitTheByte
Med.	Artica Proxy VMWare Appliance 4.30.000000 SP273 Path Traversal	06.09.2021	Heiko Feldhusen
Med.	OpenSIS 8.0 modname Directory/Path Traversal	05.09.2021	Eric Salario
Med.	OpenSIS 8.0 Directory Traversal	04.09.2021	Eric Salario
High	KevinLAB BEMS 1.0 Authenticated File Path Traversal / Information Disclosure	21.07.2021	LiquidWorm
Med.	WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 Directory Traversal	07.07.2021	TheSmuggler
Med.	Pallets Werkzeug 0.15.4 Path Traversal	07.07.2021	faisalfs10x
Med.	OpenEMR 5.0.1.7 fileName Path Traversal (Authenticated)	29.06.2021	Ron Jost
Med.	Trixbox 2.8.0.4 Path Traversal	30.05.2021	Ron Jost
High	Schlix CMS 2.2.6-6 Shell Upload / Directory Traversal	25.05.2021	Emir Polat
Med.	Mini Mouse 9.2.0 Path Traversal	05.04.2021	gosh
Med.	WordPress Delightful Downloads Jquery File Tree 1.6.6 Path Traversal	22.03.2021	Nicholas Ferreira
Med.	Fluig 1.7.0 Path Traversal	05.03.2021	Lucas Souza
Med.	Yeastar TG400 GSM Gateway 91.3.0.3 Path Traversal	27.02.2021	SQSamir
Med.	orart Remote File Inculsion Vulnerability [ RFI ]	22.02.2021	h4shur
Med.	SolarWinds Serv-U FTP Server 15.2.1 Path Traversal	13.02.2021	Jack Misiura
Med.	Home Assistant Community Store 1.10.0 Path Traversal	29.01.2021	Lyghtnox
High	Selea Targa IP OCR-ANPR Camera Directory Traversal	22.01.2021	LiquidWorm
Med.	Apache Flink 1.11.0 Arbitrary File Read / Directory Traversal	08.01.2021	SunCSR
Med.	Responsive FileManager 9.13.4 Path Traversal	05.01.2021	SunCSR
Med.	WordPress Duplicator 1.3.26 Directory Traversal / File Read	03.01.2021	Hoa Nguyen
Med.	Rocket.Chat Path Traversal	23.12.2020	Moe Szyslak
Med.	Cisco ASA 9.14.1.10 / FTD 6.6.0.1 Path Traversal	15.12.2020	Freakyclown
Low	Advanced Component System (ACS) 1.0 Path Traversal	13.12.2020	Francisco Javier Santi...
Low	Huawei HedEx Lite (DM) Path Traversal	04.12.2020	S.AbenMassaoud
High	Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion	04.12.2020	LiquidWorm
High	TestBox CFML Test Framework 4.1.0 Directory Traversal	21.11.2020	Darren King
Med.	PMB 5.6 Local File Disclosure / Directory Traversal	16.11.2020	41-trk
Med.	SIGE (Joomla) 3.4.1 & 3.5.3 Pro - Multiple Vulnerabilities	13.11.2020	h4shur
Med.	ReQuest Serious Play Media Player 3.0 Directory Traversal File Disclosure	05.11.2020	LiquidWorm
High	HiSilicon Video Encoder 1.97 File Disclosure / Path Traversal	19.10.2020	Alexei Kojenov
Med.	ReQuest Serious Play Media Player 3.0 File Disclosure / Path Traversal	19.10.2020	LiquidWorm
Med.	Cisco ASA and FTD 9.6.4.42 Path Traversal	14.10.2020	3ndG4me
High	Garfield Petshop 2020-10-01 Cross Site Request Forgery	09.10.2020	Ramdan Yantu
Med.	Karel IP Phone IP1211 Web Management Panel Directory Traversal	07.10.2020	Berat Gokberk ISLER
Med.	Ruijie Networks Switch eWeb S29_RGOS 11.4 Directory Traversal	20.08.2020	Tuygun
Med.	October CMS <= Build 465 Multiple Vulnerabilities	03.08.2020	Sivanesh Ashok
Med.	Files 4 Client Pro - Easy File Transfer v1.2.2 - Path Traversal	30.07.2020	Vlad Vector
Med.	Bludit 3.9.2 Directory Traversal	30.07.2020	James Green
Med.	Zyxel Armor X1 WAP6806 Directory Traversal	15.07.2020	Rajivarnan R
High	ATutor 2.2.4 Directory Traversal / Remote Code Execution	01.07.2020	liquidsky
Med.	Zyxel Armor X1 Model:WAP6806 - Directory Traversal	30.06.2020	Rajivarnan R
Med.	Cisco AnyConnect Path Traversal / Privilege Escalation	25.06.2020	Yorick Koster
Med.	OpenCTI 3.3.1 Cross Site Scripting / Directory Traversal	18.06.2020	Raif Berkay Dincel
Med.	MJML 4.6.2 Path Traversal	17.06.2020	Julien Ahrens
Med.	Navigate CMS 2.8.7 Authenticated Directory Traversal	10.06.2020	Gus Ralph
Med.	photobucket Library Slideshow - Remote File Inclusion	24.05.2020	h4shur
High	ManageEngine DataSecurity Plus Path Traversal / Code Execution	12.05.2020	Sahil Dhar
Med.	Booked Scheduler 2.7.7 Directory Traversal	09.05.2020	Besim Altinok
High	SimplePHPGal 0.7 Remote File Inclusion	06.05.2020	h4shur
Med.	Zen Load Balancer 3.10.1 Directory Traversal (Metasploit)	02.05.2020	Dhiraj Mishra
High	Gigamon GigaVUE 5.5.01.11 Directory Traversal / File Upload	30.04.2020	Balazs Hambalko
Med.	Easy Transfer 1.7 Cross Site Scripting / Directory Traversal	28.04.2020	Benjamin Kunz Mejri
Med.	Sky File 2.1.0 Cross Site Scripting / Directory Traversal	21.04.2020	Benjamin Kunz Mejri
Low	QRadar Community Edition 7.3.1.6 Path Traversal	21.04.2020	Yorick Koster
Med.	Zen Load Balancer 3.10.1 Directory Traversal	11.04.2020	Basim Alabdullah

Common Weakness Enumeration (CWE)

CVE

Szczegóły

Opis

2024-04-24

CVE-2022-45852

Updating...

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Path Traversal.This issue affects WP-FormAssembly: from n/a through 2.0.5.

2024-04-18

	CVE-2023-50885	Updating...	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AGILELOGIX Store Locator WordPress.This issue affects Store Locator WordPress: from n/a through 1.4.14.
	CVE-2023-47843	Updating...	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0.

2024-04-17

	CVE-2024-1132	Updating...	A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.
	CVE-2024-28073	Updating...	SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited.

2024-04-16

CVE-2024-3571	Updating...	langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading to information disclosure or remote code execution. The issue lies in the handling of file paths in the mset and mget methods, where user-supplied input is not adequately sanitized, allowing directory traversal sequences to reach unintended directories.
CVE-2024-1961	Updating...	vertaai/modeldb is vulnerable to a path traversal attack due to improper sanitization of user-supplied file paths in its file upload functionality. Attackers can exploit this vulnerability to write arbitrary files anywhere in the file system by manipulating the 'artifact_path' parameter. This flaw can lead to Remote Code Execution (RCE) by overwriting critical files, such as the application's configuration file, especially when the application is run outside of Docker. The vulnerability is present in the NFSController.java and NFSService.java components of the application.
CVE-2024-1594	Updating...	A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the `artifact_location` parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component `#` in the artifact location URI to read arbitrary files on the server in the context of the server's process. This issue is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect.
CVE-2024-1593	Updating...	A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. This vulnerability allows for arbitrary data smuggling into the 'params' part of the URL, enabling attacks similar to those described in previous reports but utilizing the ';' character for parameter smuggling. Successful exploitation could lead to unauthorized information disclosure or server compromise.
CVE-2024-1558	Updating...	A path traversal vulnerability exists in the `_create_model_version()` function within `server/handlers.py` of the mlflow/mlflow repository, due to improper validation of the `source` parameter. Attackers can exploit this vulnerability by crafting a `source` parameter that bypasses the `_validate_non_local_source_contains_relative_paths(source)` function's checks, allowing for arbitrary file read access on the server. The issue arises from the handling of unquoted URL characters and the subsequent misuse of the original `source` value for model version creation, leading to the exposure of sensitive files when interacting with the `/model-versions/get-artifact` handler.

15.04.2024

01.04.2024

20.03.2024

27.02.2024

20.12.2023

27.10.2023

17.10.2023

10.10.2023

09.09.2023

21.07.2023

10.06.2023

07.06.2023

06.04.2023

24.02.2023

07.12.2022

05.12.2022

15.11.2022

12.11.2022

12.11.2022

17.10.2022

20.09.2022

07.09.2022

24.08.2022

08.08.2022

08.08.2022

02.08.2022

02.08.2022

04.07.2022

22.06.2022

04.06.2022

31.05.2022

29.05.2022

04.04.2022

31.03.2022

30.03.2022

02.03.2022

14.02.2022

12.02.2022

26.01.2022

10.01.2022

09.12.2021

11.10.2021

06.10.2021

13.09.2021

13.09.2021

06.09.2021

05.09.2021

04.09.2021

21.07.2021

07.07.2021

07.07.2021

29.06.2021

30.05.2021

25.05.2021

05.04.2021

22.03.2021

05.03.2021

27.02.2021

22.02.2021

13.02.2021

29.01.2021

22.01.2021

08.01.2021

05.01.2021

03.01.2021

23.12.2020

15.12.2020

13.12.2020

04.12.2020

04.12.2020

21.11.2020

16.11.2020

13.11.2020

05.11.2020

19.10.2020