CVEbaza.plSłownik CWECWE-27
Common Weakness Enumeration

CWE-27

Path Traversal: 'dir/../../filename'

Kategoria: VariantCVE: 27
Opis

Produkt wykorzystuje zewnętrzne dane wejściowe do konstruowania ścieżki pliku, która powinna znajdować się w ograniczonym katalogu, ale nie neutralizuje prawidłowo wielokrotnych sekwencji "../", które mogą prowadzić do lokalizacji poza tym katalogiem.

Description (EN)

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal "../" sequences that can resolve to a location that is outside of that directory.

Podatności CVE z CWE-27 (27)
9.8
CVSS
CRITICAL
CVE-2024-27764

Podatność w systemie Jeewms w wersji 3.7 i wcześniejszych umożliwia zdalnemu atakującemu eskalację uprawnień poprzez komponent AuthInterceptor. Ze względu na krytyczny wynik CVSS 9.8 i brak wymogu uwierzytelnienia, podatność stanowi poważne zagrożenie dla systemów dostępnych z sieci.

pub. 2024-03-05
9.8
CVSS
CRITICAL
CVE-2024-21896

Podatność w eksperymentalnym modelu uprawnień (permission model) Node.js pozwala ominąć ochronę przed path traversal poprzez manipulację wewnętrznymi metodami obiektu Buffer. Luka otrzymała ocenę CVSS 9.8 (krytyczną), co wskazuje na możliwość poważnego naruszenia poufności, integralności i dostępności danych.

pub. 2024-02-20
9.8
CVSS
CRITICAL
CVE-2024-23897

Jenkins w wersjach 2.441 i wcześniejszych oraz LTS 2.426.2 i wcześniejszych zawiera krytyczną podatność umożliwiającą nieuwierzytelnionemu atakującemu odczyt dowolnych plików z systemu plików kontrolera Jenkins. Podatność jest aktywnie wykorzystywana i figuruje na liście CISA KEV.

pub. 2024-01-24🚩 CISA KEV⚡ EXPLOIT
9.3
CVSS
CRITICAL
CVE-2023-50254

Deepin Reader (deepin-reader) w wersjach przed 6.0.7 zawiera krytyczną podatność typu path traversal umożliwiającą zdalne wykonanie kodu (RCE). Błąd projektowy pozwala atakującemu na nadpisanie plików systemowych użytkownika za pomocą spreparowanego dokumentu DOCX.

pub. 2023-12-22
9.1
CVSS
CRITICAL
CVE-2026-24457

Podatność w mechanizmie parsowania konfiguracji Eclipse OpenMQ pozwala zdalnemu, nieuwierzytelnionemu atakującemu na odczyt dowolnych plików z systemu operacyjnego hosta brokera MQ. W określonych scenariuszach możliwe jest również zdalne wykonanie kodu (RCE).

pub. 2026-03-05
9.1
CVSS
CRITICAL
CVE-2024-51747

Uwierzytelniony administrator Kanboard może odczytywać i usuwać dowolne pliki na serwerze poprzez nadużycie mechanizmu path traversal w bazie SQLite. Podatność jest groźna, ponieważ pozwala na wyjście poza katalog aplikacji i dostęp do dowolnych plików dostępnych w kontekście uprawnień procesu Kanboard.

pub. 2024-11-11
8.8
CVSS
HIGH
CVE-2025-66518

Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade to version 1.10.3 or upper, which fixes the issue.

pub. 2026-01-05
8.6
CVSS
HIGH
CVE-2025-10438

Path Traversal: 'dir/../../filename' vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry Trade Inc. Yordam Katalog allows Path Traversal. This issue affects Yordam Katalog: before 21.7.

pub. 2025-09-25
8.6
CVSS
HIGH
CVE-2025-58761

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. The `real_pms_image_proxy` endpoint in Tautulli v2.15.3 and prior is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the application server's filesystem. The `real_pms_image_proxy` is used to fetch an image directly from the backing Plex Media Server. The image to be fetched is specified through an `img` URL parameter, which can either be a URL or a file path. There is some validation ensuring that `img` begins with the prefix `interfaces/default/images` in order to be served from the local filesystem. However this can be bypassed by passing an `img` parameter which begins with a valid prefix, and then adjoining path traversal characters in order to reach files outside of intended directories. An attacker can exfiltrate files on the application file system, including the `tautulli.db` SQLite database containing active JWT tokens, as well as the `config.ini` file which contains the hashed admin password, the JWT token secret, and the Plex Media Server token and connection details. If the password is cracked, or if a valid JWT token is present in the database, an unauthenticated attacker can escalate their privileges to obtain administrative control over the application. Version 2.16.0 contains a fix for the issue.

pub. 2025-09-09
8.5
CVSS
HIGH
CVE-2024-24809

Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this vulnerability to upload files with the prefix `device.` under any folder. Attackers can use this vulnerability for phishing, cross-site scripting attacks, and potentially execute arbitrary commands on the server. Version 6.0 contains a patch for the issue.

pub. 2024-04-10
8.5
CVSS
HIGH
CVE-2023-52076

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn't stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability.

pub. 2024-01-25
7.5
CVSS
HIGH
CVE-2024-20348

A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files. This vulnerability is due to an unauthenticated provisioning web server. An attacker could exploit this vulnerability through direct web requests to the provisioning server. A successful exploit could allow the attacker to read sensitive files in the PnP container that could facilitate further attacks on the PnP infrastructure.

pub. 2024-04-03
7.5
CVSS
HIGH
CVE-2023-27588

Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects with deployments that are publicly exposed and not protected by a WAF or other HTTP protection layer should be upgraded to version 1.3.4, 2.55.1, 2.20.1, or 2.21.0-beta1 to receive a patch.

pub. 2023-03-14
7.5
CVSS
HIGH
CVE-2022-24785

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.

pub. 2022-04-04
7.5
CVSS
HIGH
CVE-2021-35027

A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information.

pub. 2021-09-29
7.2
CVSS
HIGH
CVE-2024-43658

Patch traversal, External Control of File Name or Path vulnerability in Iocharger Home allows deletion of arbitrary files This issue affects Iocharger firmware for AC model before firmware version 25010801. Likelihood: High, but requires authentication Impact: Critical – The vulnerability can be used to delete any file on the charging station, severely impacting the integrity of the charging station. Furthermore, the vulnerability could be used to delete binaries required for the functioning of the charging station, severely impacting the availability of the charging station. CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads compromised of the integrity and availability of the device (VVC:N/VI:H/VA:H), with no effect on subsequent systems (SC:N/SI:N/SA:N). We do not forsee a safety impact (S:N). This attack can be automated (AU:Y).

pub. 2025-01-09
6.7
CVSS
MEDIUM
CVE-2023-20090

A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

pub. 2024-11-15
6.5
CVSS
MEDIUM
CVE-2025-52237

An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal.

pub. 2025-08-05
6.5
CVSS
MEDIUM
CVE-2023-34125

Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

pub. 2023-07-13
6.5
CVSS
MEDIUM
CVE-2023-20127

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.

pub. 2023-04-05
Pokazano 20 z 27 podatności
Informacje
ID: CWE-27
Typ: Variant
Podatności: 27
MITRE CWE ↗
← Słownik CWE