Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE | CVE | VULNERABILITY TITLE | RISK

2018-04-16 | CVE-2018-10122 | Path Traversal vulnerability in Chanzhi Pro1.6 | 7.5
QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhieps) pro1.6 allows remote attackers to read arbitrary files via directory traversal sequences in the pathname parameter to www/file.php.
network, low complexity, chanzhi, CWE-22

2018-04-16 | CVE-2014-2069 | Path Traversal vulnerability in Eshtery.She7Ata Eshtery CMS | 7.5
Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx.
network, low complexity, eshtery-she7ata, CWE-22

2018-04-13 | CVE-2018-10083 | Path Traversal vulnerability in Cmsmadesimple CMS Made Simple | 7.5
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\FilePicker does not restrict the val parameter.
network, low complexity, cmsmadesimple, CWE-22

2018-04-12 | CVE-2018-1079 | Path Traversal vulnerability in multiple products | 6.5
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call.
network, low complexity, clusterlabs, redhat, CWE-22

2018-04-12 | CVE-2018-9118 | Path Traversal vulnerability in 99Robots WP Background Takeover Advertisements | 7.5
exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a ..
network, low complexity, 99robots, CWE-22

2018-04-10 | CVE-2018-9038 | Path Traversal vulnerability in Monstra 3.0.4 | 6.5
Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request.
network, low complexity, monstra, CWE-22

2018-04-08 | CVE-2018-9851 | Path Traversal vulnerability in Gxlcms QY 1.0.0713 | 7.5
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence.
network, low complexity, gxlcms, CWE-22

2018-04-08 | CVE-2018-9850 | Path Traversal vulnerability in Gxlcms QY 1.0.0713 | 7.5
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request.
network, low complexity, gxlcms, CWE-22

2018-04-07 | CVE-2018-9331 | Path Traversal vulnerability in Zzcms 8.2 | 7.5
An issue was discovered in zzcms 8.2.
network, low complexity, zzcms, CWE-22

2018-04-06 | CVE-2018-1271 | Path Traversal vulnerability in multiple products | 5.9
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g.
network, high complexity, vmware, oracle, CWE-22