Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2019-03-21 | CVE-2018-20628 | Path Traversal vulnerability in Charity Foundation Script Project Charity Foundation Script | PHP Scripts Mall Charity Foundation Script 1 through 3 allows directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | network, low complexity, charity-foundation-script-project, CWE-22 | 7.5 |
| 2019-03-21 | CVE-2018-20626 | Path Traversal vulnerability in Consumer Reviews Script Project Consumer Reviews Script 4.0.3 | PHP Scripts Mall Consumer Reviews Script 4.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | network, low complexity, consumer-reviews-script-project, CWE-22 | 6.5 |
| 2019-03-21 | CVE-2018-20525 | Path Traversal vulnerability in Roxyfileman Roxy Fileman 1.4.5 | Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php. | network, low complexity, roxyfileman, CWE-22 | 9.1 (critical) |
| 2019-03-21 | CVE-2018-19512 | Path Traversal vulnerability in ENS Webgalamb 6.0/7.0 | In Webgalamb through 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory. | network, low complexity, ens, CWE-22 | 7.2 |
| 2019-03-21 | CVE-2018-19365 | Path Traversal vulnerability in Wowza Streaming Engine 4.7.4.0.1 | The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request. | network, low complexity, wowza, CWE-22 | 9.1 (critical) |
| 2019-03-21 | CVE-2018-11789 | Path Traversal vulnerability in Apache Heron | When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. | network, low complexity, apache, CWE-22 | 7.5 |
| 2019-03-12 | CVE-2019-5923 | Path Traversal vulnerability in Ichain Insurance Wallet | Directory traversal vulnerability in iChain Insurance Wallet App for iOS Version 1.3.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | network, low complexity, ichain, CWE-22 | 7.5 |
| 2019-03-11 | CVE-2019-9686 | Path Traversal vulnerability in Pacman Project Pacman | pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. | network, low complexity, pacman-project, CWE-22 | 8.8 |
| 2019-03-11 | CVE-2019-9662 | Path Traversal vulnerability in Jtbc PHP 3.0.1.8 | An issue was discovered in JTBC(PHP) 3.0.1.8. | network, low complexity, jtbc, CWE-22 | 7.5 |
| 2019-03-07 | CVE-2013-7466 | Path Traversal vulnerability in Simplemachines Simple Machines Forum 2.0.4 | Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation. | network, low complexity, simplemachines, CWE-22 | 8.8 |