Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-01 | CVE-2021-32949 | Path Traversal vulnerability in Auvesy-Mdt Autosave and Autosave for System Platform An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits changing a designated path to another path and traversing the directory, allowing the replacement of an existing file with a malicious file. | 7.5 |
| 2022-03-31 | CVE-2022-26019 | Path Traversal vulnerability in Netgate Pfsense and Pfsense Plus Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution. | 8.8 |
| 2022-03-30 | CVE-2022-23793 | Path Traversal vulnerability in Joomla Joomla! An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. | 7.5 |
| 2022-03-29 | CVE-2022-25347 | Path Traversal vulnerability in Deltaww Diaenergie 1.08.00/1.7.5/1.8.0 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system. | 7.5 |
| 2022-03-29 | CVE-2022-28146 | Path Traversal vulnerability in Jenkins Continuous Integration With Toad Edge Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkins controller as a parameter to its build steps. | 6.5 |
| 2022-03-29 | CVE-2022-28148 | Path Traversal vulnerability in Jenkins Continuous Integration With Toad Edge The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers. | 6.5 |
| 2022-03-29 | CVE-2022-28156 | Path Traversal vulnerability in Jenkins Pipeline: Phoenix Autotest Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace. | 6.5 |
| 2022-03-29 | CVE-2022-28157 | Path Traversal vulnerability in Jenkins Pipeline: Phoenix Autotest Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller via FTP to an attacker-specified FTP server. | 6.5 |
| 2022-03-28 | CVE-2021-43099 | Path Traversal vulnerability in Diyhi BBS 5.3 An Archive Extraction (AKA "Zip Slip) vulnerability exists in bbs 5.3 in the UpgradeNow function in UpgradeManageAction.java, which unzips the arbitrary upladed zip file without checking filenames. | 4.9 |
| 2022-03-28 | CVE-2021-24962 | Path Traversal vulnerability in Iptanus Wordpress File Upload and Wordpress File Upload PRO The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution. | 8.8 |