CVEbaza.plSłownik CWECWE-706
Common Weakness Enumeration

CWE-706

Use of Incorrectly-Resolved Name or Reference

Kategoria: ClassCVE: 123
Opis

Produkt używa nazwy lub odniesienia w celu uzyskania dostępu do zasobu, ale nazwa/odniesienie rozwiązuje się do zasobu znajdującego się poza zamierzoną sferą kontroli. Prowadzi to do dostępu do niezamierzonych zasobów i potencjalnych naruszeń bezpieczeństwa.

Description (EN)

The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

Podatności CVE z CWE-706 (123)
9.8
CVSS
CRITICAL
CVE-2025-65474

Podatność w komponencie /admin/manager.php aplikacji EasyImages 2.0 (wersje 2.8.6 i wcześniejsze) umożliwia atakującemu wykonanie dowolnego kodu na serwerze. Wynika ona z braku właściwej walidacji operacji przemianowania plików, co pozwala na obejście zabezpieczeń i uruchomienie złośliwego kodu.

pub. 2025-12-11
9.8
CVSS
CRITICAL
CVE-2025-24813

Podatność w Apache Tomcat pozwala nieuwierzytelnionemu atakującemu na zdalne wykonanie kodu (RCE) lub ujawnienie wrażliwych plików poprzez mechanizm Path Equivalence z wewnętrzną kropką w nazwie pliku. Błąd jest aktywnie wykorzystywany w atakach i otrzymał ocenę CVSS 9.8 (CRITICAL).

pub. 2025-03-10🚩 CISA KEV⚡ EXPLOIT
9.8
CVSS
CRITICAL
CVE-2024-35198

Podatność w TorchServe pozwala atakującemu ominąć mechanizm kontroli dozwolonych adresów URL (allowed_urls) poprzez użycie znaków takich jak ".." w adresie URL. Jest to groźne, ponieważ umożliwia pobranie i załadowanie nieautoryzowanych modeli do środowiska produkcyjnego bez żadnych uprawnień.

pub. 2024-07-19
9.8
CVSS
CRITICAL
CVE-2023-31814

D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php.

pub. 2023-05-23
9.8
CVSS
CRITICAL
CVE-2022-30257

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names.

pub. 2022-11-21
9.8
CVSS
CRITICAL
CVE-2022-30258

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names.

pub. 2022-11-21
9.8
CVSS
CRITICAL
CVE-2021-40539

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.

pub. 2021-09-07🚩 CISA KEV⚡ EXPLOIT
9.8
CVSS
CRITICAL
CVE-2020-23448

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be bypassed.

pub. 2021-01-26
9.8
CVSS
CRITICAL
CVE-2020-15505

A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.

pub. 2020-07-07🚩 CISA KEV⚡ EXPLOIT
9.8
CVSS
CRITICAL
CVE-2020-12278

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352.

pub. 2020-04-27
9.8
CVSS
CRITICAL
CVE-2020-12279

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.

pub. 2020-04-27
9.8
CVSS
CRITICAL
CVE-2020-10574

An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation.

pub. 2020-03-14
9.8
CVSS
CRITICAL
CVE-2019-8908

An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header.

pub. 2019-02-18
9.8
CVSS
CRITICAL
CVE-2019-8395

An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.

pub. 2019-02-17
9.8
CVSS
CRITICAL
CVE-2019-7731

MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file.

pub. 2019-02-11
9.1
CVSS
CRITICAL
CVE-2026-35039

Biblioteka fast-jwt (implementacja JSON Web Token) w wersjach od 0.0.1 do przed 6.2.0 jest podatna na kolizje cache przy użyciu niestandardowego mechanizmu budowania kluczy (cacheKeyBuilder). Błąd może skutkować tym, że jeden token JWT zostaje skojarzony z roszczeniami (claims) innego tokenu, co prowadzi do błędnej identyfikacji użytkowników.

pub. 2026-04-06
9.1
CVSS
CRITICAL
CVE-2021-37315

Incorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations.

pub. 2023-02-03
9.1
CVSS
CRITICAL
CVE-2021-37144

CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization.

pub. 2021-07-30
8.8
CVSS
HIGH
CVE-2014-125125

A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloads endpoint, which fails to properly sanitize user input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP requests containing directory traversal sequences to read arbitrary files outside the intended directory. The files returned by the vulnerable endpoint are deleted from the system after retrieval. This can lead to unauthorized disclosure of sensitive information such as SSL certificates and private keys, as well as unintended file deletion.

pub. 2025-07-31
8.8
CVSS
HIGH
CVE-2021-37214

The employee management page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID in specific parameters to arbitrary access employee's data, modify it, and then obtain administrator privilege and execute arbitrary command.

pub. 2021-08-09
Pokazano 20 z 123 podatności
Informacje
ID: CWE-706
Typ: Class
Podatności: 123
MITRE CWE ↗
← Słownik CWE