CVEbaza.plSłownik CWECWE-26
Common Weakness Enumeration

CWE-26

Path Traversal: '/dir/../filename'

Kategoria: VariantCVE: 17
Opis

Produkt używa zewnętrznego wejścia do konstruowania ścieżki pliku, która powinna znajdować się w ograniczonym katalogu, ale nie neutralizuje prawidłowo sekwencji "/dir/../filename", które mogą prowadzić do lokalizacji poza tym katalogiem. Umożliwia to atakującemu uzyskanie dostępu do plików znajdujących się poza dozwolonym obszarem.

Description (EN)

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/dir/../filename" sequences that can resolve to a location that is outside of that directory.

Podatności CVE z CWE-26 (17)
9.9
CVSS
CRITICAL
CVE-2026-42196

Biblioteka django-s3file przed wersją 7.0.2 zawiera podatność path traversal w komponencie S3FileMiddleware, umożliwiającą atakującemu wyjście poza wyznaczone lokalizacje pre-signed upload na Amazon S3. W zależności od sposobu przetwarzania plików przez aplikację może to prowadzić do naruszenia poufności i integralności danych.

pub. 2026-05-12
9.8
CVSS
CRITICAL
CVE-2024-28064

Podatność klasy path traversal w Kiteworks Totemomail 7.x i 8.x (przed wersją 8.3.0) pozwala nieuwierzytelnionemu atakującemu na odczyt, zapis oraz usuwanie dowolnych plików na serwerze. Krytyczny poziom zagrożenia wynika z braku wymogu uwierzytelnienia oraz pełnego zakresu operacji na systemie plików.

pub. 2024-05-18
9.3
CVSS
CRITICAL
CVE-2023-50255

Deepin-Compressor, domyślny menedżer archiwów systemu Deepin Linux, zawiera podatność typu path traversal umożliwiającą zdalne wykonanie kodu (RCE). Otwarcie przez użytkownika spreparowanego archiwum może doprowadzić do przejęcia kontroli nad systemem.

pub. 2023-12-27
8.8
CVSS
HIGH
CVE-2026-25575

NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, there is a path traversal vulnerability in the propose_edits endpoint allows unauthenticated users to overwrite files in directories writable by the application user (e.g., /cdn). By supplying unsanitized file keys containing traversal sequences (e.g., ../../) in the JSON payload, an attacker can escape the intended temporary directory and replace public facing images or fill the server's storage. This issue has been patched via commit 86f34c7.

pub. 2026-02-04
8.8
CVSS
HIGH
CVE-2024-29466

Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component.

pub. 2024-04-30
8.7
CVSS
HIGH
CVE-2025-25295

Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a `download` function on the `label-studio-sdk` python package, which fails to validate file paths when processing image references during task exports. By creating tasks with path traversal sequences in the image field, an attacker can force the application to read files from arbitrary server filesystem locations when exporting projects in any of the mentioned formats. This is authentication-required vulnerability allowing arbitrary file reads from the server filesystem. It may lead to potential exposure of sensitive information like configuration files, credentials, and confidential data. Label Studio versions before 1.16.0 specified SDK versions prior to 1.0.10 as dependencies, and the issue was confirmed in Label Studio version 1.13.2.dev0; therefore, Label Studio users should upgrade to 1.16.0 or newer to mitigate it.

pub. 2025-02-14
8.3
CVSS
HIGH
CVE-2025-53908

RomM is a self-hosted rom manager and player. Versions prior to 3.10.3 and 4.0.0-beta.3 have an authenticated path traversal vulnerability in the `/api/raw` endpoint. Anyone running the latest version of RomM and has multiple users, even unprivileged users, such as the kiosk user in the official implementation, may be affected. This allows the leakage of passwords and users that may be stored on the system. Versions 3.10.3 and 4.0.0-beta.3 contain a patch.

pub. 2025-07-16
8.1
CVSS
HIGH
CVE-2021-34762

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTPS request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the device.

pub. 2021-10-27
7.8
CVSS
HIGH
CVE-2024-25466

Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component.

pub. 2024-02-16
7.7
CVSS
HIGH
CVE-2024-5865

Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing arbitrary files reading outside the web publish directory. Versions 23.1-HF7 and on have the patch.

pub. 2024-07-02
7.5
CVSS
HIGH
CVE-2024-31551

Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via crafted GET request.

pub. 2024-04-26
7.5
CVSS
HIGH
CVE-2023-25802

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize `dir/../filename` sequences, such as `/etc/nginx/../passwd`, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue.

pub. 2023-03-13
7.5
CVSS
HIGH
CVE-2021-42021

A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020 R1), Siveillance Video DLNA Server (2020 R2), Siveillance Video DLNA Server (2020 R3), Siveillance Video DLNA Server (2021 R1). The affected application contains a path traversal vulnerability that could allow to read arbitrary files on the server that are outside the application’s web document directory. An unauthenticated remote attacker could exploit this issue to access sensitive information for subsequent attacks.

pub. 2021-11-09
6.5
CVSS
MEDIUM
CVE-2022-45133

Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 allows unsafe font upload for skins. A particularly structured XML file could allow one to traverse the server to obtain access to secure files or cause code execution based on the payload.

pub. 2025-08-22
6.5
CVSS
MEDIUM
CVE-2024-20345

A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device.

pub. 2024-03-06
5.3
CVSS
MEDIUM
CVE-2026-46747

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended file system locations.

pub. 2026-06-09
5.0
CVSS
MEDIUM
CVE-2024-5866

Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing listing of arbitrary directory outside the root directory of the web application. Versions 23.1-HF7 and on have the patch.

pub. 2024-07-02
Informacje
ID: CWE-26
Typ: Variant
Podatności: 17
MITRE CWE ↗
← Słownik CWE