Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-03 | CVE-2022-47762 | Path Traversal vulnerability in Gin-Vue-Admin Project Gin-Vue-Admin In gin-vue-admin < 2.5.5, the download module has a Path Traversal vulnerability. | 7.5 |
| 2023-02-03 | CVE-2021-36425 | Path Traversal vulnerability in PHPwcms Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file. | 5.4 |
| 2023-02-03 | CVE-2021-37317 | Path Traversal vulnerability in Asus Rt-Ac68U Firmware Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations. | 9.1 |
| 2023-02-02 | CVE-2022-3560 | Path Traversal vulnerability in multiple products A flaw was found in pesign. | 5.5 |
| 2023-02-01 | CVE-2022-45783 | Path Traversal vulnerability in Dotcms An issue was discovered in dotCMS core 4.x through 22.10.2. | 6.5 |
| 2023-02-01 | CVE-2023-23136 | Path Traversal vulnerability in Lmxcms 1.41 lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.class.php. | 6.5 |
| 2023-02-01 | CVE-2023-0454 | Path Traversal vulnerability in Orangescrum 2.0.11 OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. | 8.1 |
| 2023-02-01 | CVE-2022-47768 | Path Traversal vulnerability in Serinf Fast Checkin 1.0 Serenissima Informatica Fast Checkin 1.0 is vulnerable to Directory Traversal. | 7.5 |
| 2023-01-31 | CVE-2022-46835 | Path Traversal vulnerability in Sailpoint Identityiq IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. | 7.5 |
| 2023-01-31 | CVE-2023-0591 | Path Traversal vulnerability in UBI Reader Project UBI Reader ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). This is due to the fact that a node name (dent_node.name) is considered trusted and joined to the extraction directory path during processing, then the node content is written to that joined path. | 5.5 |