Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-22 | CVE-2024-21518 | Path Traversal vulnerability in Opencart: This affects versions of the package opencart/opencart from 4.0.0.0. | 7.2 |
2024-06-14 | CVE-2024-24320 | Path Traversal vulnerability in Mgt-Commerce Cloudpanel: Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function. | 8.8 |
2024-06-13 | CVE-2023-35860 | Path Traversal vulnerability in Moderncampus Omni CMS 2023.1: A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 allows a remote, unauthenticated attacker to enumerate file system information via the dir parameter to listing.php or rss.php. | 5.3 |
2024-06-13 | CVE-2024-4576 | Path Traversal vulnerability in Tibco EBX: The component listed above contains a vulnerability that allows an attacker to traverse directories and access sensitive files, leading to unauthorized disclosure of system configuration and potentially sensitive information. | 5.3 |
2024-06-10 | CVE-2024-36418 | Path Traversal vulnerability in Salesagility Suitecrm: SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | 8.8 |
2024-06-07 | CVE-2024-5637 | Path Traversal vulnerability in Vanyukov Market Exporter: The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. | 8.1 |
2024-06-07 | CVE-2024-5481 | Path Traversal vulnerability in 10Web Photo Gallery: The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. | 8.8 |
2024-06-06 | CVE-2024-3429 | Path Traversal vulnerability in Lollms: A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\lollms\security.py`. | 9.8 |
2024-06-06 | CVE-2024-4320 | Path Traversal vulnerability in Lollms web UI: A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within the `@router.post("/install_extension")` route handler. | 9.8 |
2024-06-06 | CVE-2024-4881 | Path Traversal vulnerability in Lollms: A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. | 7.5 |