Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-13 | CVE-2022-42474 | Path Traversal vulnerability in Fortinet Fortiproxy and Fortiswitchmanager A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests. | 2.7 |
| 2023-06-12 | CVE-2023-34342 | Path Traversal vulnerability in AMI Megarac Sp-X AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, or data tampering. | 9.1 |
| 2023-06-12 | CVE-2023-30198 | Path Traversal vulnerability in Webbax Winbizpayment 1.0.2 Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php. | 7.5 |
| 2023-06-12 | CVE-2023-34345 | Path Traversal vulnerability in AMI Megarac Sp-X AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure. | 6.5 |
| 2023-06-06 | CVE-2023-34409 | Path Traversal vulnerability in Percona Monitoring and Management 2.0.0/2.2.0/2.2.1 In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. | 9.8 |
| 2023-06-06 | CVE-2023-33747 | Path Traversal vulnerability in Mgt-Commerce Cloudpanel CloudPanel v2.2.2 allows attackers to execute a path traversal. | 7.8 |
| 2023-06-05 | CVE-2023-33524 | Path Traversal vulnerability in Advent Tamale RMS Advent/SSC Inc. | 5.3 |
| 2023-06-05 | CVE-2023-33690 | Path Traversal vulnerability in Sonicjs 0.5.4/0.6.0/0.7.0 SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS. | 6.5 |
| 2023-06-05 | CVE-2023-3098 | Path Traversal vulnerability in Ubuntukylin Youker-Assistant A vulnerability classified as critical has been found in KylinSoft youker-assistant on KylinOS. | 7.8 |
| 2023-06-05 | CVE-2023-34407 | Path Traversal vulnerability in Harbingergroup Office Player 4.0.6.0.2 OfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows directory traversal as LocalSystem via ..\ in a URL. | 7.5 |