Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-17 | CVE-2018-18576 | Path Traversal vulnerability in Incsub Hustle The Hustle (aka wordpress-popup) plugin through 6.0.5 for WordPress allows Directory Traversal to obtain a directory listing via the views/admin/dashboard/ URI. | 5.3 |
| 2020-03-13 | CVE-2020-10564 | Path Traversal vulnerability in Iptanus Wordpress File Upload An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. | 9.8 |
| 2020-03-13 | CVE-2019-13195 | Path Traversal vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701 The web application of some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system. | 7.5 |
| 2020-03-13 | CVE-2020-10086 | Path Traversal vulnerability in Gitlab GitLab 10.4 through 12.8.1 allows Directory Traversal. | 5.3 |
| 2020-03-13 | CVE-2019-12182 | Path Traversal vulnerability in Safescan products Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API. | 9.8 |
| 2020-03-12 | CVE-2020-0520 | Path Traversal vulnerability in Intel Graphics Driver Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before versions 15.45.30.5103, 15.40.44.5107, 15.36.38.5117 and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access. | 7.8 |
| 2020-03-12 | CVE-2020-10459 | Path Traversal vulnerability in Chadhaajay PHPkb 9.0 Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that are stored on the webserver using a dot-dot-slash sequence (../) via the POST parameter inpCurrFolder. | 2.7 |
| 2020-03-12 | CVE-2020-10458 | Path Traversal vulnerability in Chadhaajay PHPkb 9.0 Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete any folder on the webserver using a dot-dot-slash sequence (../) via the GET parameter crdir, when the GET parameter action is set to df, causing a Denial of Service. | 6.5 |
| 2020-03-12 | CVE-2020-10457 | Path Traversal vulnerability in Chadhaajay PHPkb 9.0 Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence (../) via the POST parameter imgName (for the new name) and imgUrl (for the current file to be renamed). | 2.7 |
| 2020-03-12 | CVE-2020-10387 | Path Traversal vulnerability in Chadhaajay PHPkb 9.0 Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file. | 4.9 |