Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-22

CVE IDCVSSVendorExploitPatchTrends
CVE-2023-52138Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by default will follow stored symlinks while extracting and the Archiver will not check the symlink location, which leads to arbitrary file writes to unintended locations. When the victim extracts the archive, the attacker can craft a malicious cpio or ISO archive to achieve RCE on the target system. This vulnerability was fixed in commit 63d5dfa.
CVSS 9.6Mate-desktop

Exploit

Patched

Trending graph for this CVE
CVE-2023-5212The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take over affected sites as well as others sharing the same hosting account. Version 4.9.1 originally addressed the issue, but it was reintroduced in 4.9.2 and fixed again in 4.9.3.
CVSS 8.1Quantumcloud

Exploit

Patched

Trending graph for this CVE
CVE-2023-52085Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. By default, only the Brand Settings (backend.manage_branding) and Mail Brand Settings (system.manage_mail_templates) forms both include the colorpicker formwidget and pass the provided value to be compiled in LESS, however it is also common for themes to include it on their Theme Customization (cms.manage_theme_options) form and it is technically possible for the values on that form to also be used in LESS compilation: https://wintercms.com/docs/v1.2/docs/themes/development#asset-compiler-variables.
CVSS 3.3Wintercms

-

Patched

Trending graph for this CVE
CVE-2023-52076Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn't stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability.
CVSS 7.8Mate-desktop

Exploit

Patched

Trending graph for this CVE
CVE-2023-5189A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.
CVSS 6.5Redhat

Exploit

Patched

Trending graph for this CVE
CVE-2023-51651Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in thebuildEndpoint method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The buildEndpoint method relies on the Guzzle Psr7 UriResolver utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. Versions of the AWS SDK for PHP v3 before 3.288.1 are affected by this issue.
CVSS 6Amazon

-

Patched

Trending graph for this CVE
CVE-2023-51603Honeywell Saia PG5 Controls Suite CAB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CAB files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-18592.
CVSS LowHoneywell

-

-

Trending graph for this CVE
CVE-2023-51599Honeywell Saia PG5 Controls Suite Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-18412.
CVSS LowHoneywell

-

-

Trending graph for this CVE
CVE-2023-51449Older versions of gradio contained a vulnerability in the /file route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with share=True, or on Hugging Face Spaces) if they knew the path of files to look for. This was not possible through regular URLs passed into a browser, but it was possible through the use of programmatic tools such as curl with the --pass-as-is flag. Furthermore, the /file route in Gradio apps also contained a vulnerability that made it possible to use it for SSRF attacks. Both of these vulnerabilities have been fixed in gradio==4.11.0
CVSS 5.6Gradio project

-

Patched

Trending graph for this CVE
CVE-2023-5142A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 5.3H3c

Exploit

-

Trending graph for this CVE
CVE-2023-51401Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal.This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.13.
CVSS 6.3Brainstormforce

-

-

Trending graph for this CVE
CVE-2023-51366A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
CVSS 6.5Qnap

-

Patched

Trending graph for this CVE
CVE-2023-51365A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later
CVSS 8.7Qnap

Exploit

-

Trending graph for this CVE
CVE-2023-51364A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later
CVSS 8.7Qnap

Exploit

-

Trending graph for this CVE
CVE-2023-5123The JSON datasource plugin ( https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ ) is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint (including a specific sub-path) configured by an administrator. Due to inadequate sanitization of the dashboard-supplied path parameter, it was possible to include path traversal characters (../) in the path parameter and send requests to paths on the configured endpoint outside the configured sub-path. This means that if the datasource was configured by an administrator to point at some sub-path of a domain (e.g. https://example.com/api/some_safe_api/ https://example.com/api/some_safe_api/ ), it was possible for an editor to create a dashboard referencing the datasource which issues queries containing path traversal characters, which would in turn cause the datasource to instead query arbitrary subpaths on the configured domain (e.g. https://example.com/api/admin_api/) https://example.com/api/admin_api/) . In the rare case that this plugin is configured by an administrator to point back at the Grafana instance itself, this vulnerability becomes considerably more severe, as an administrator browsing a maliciously configured panel could be compelled to make requests to Grafana administrative API endpoints with their credentials, resulting in the potential for privilege escalation, hence the high score for this vulnerability.
CVSS 8Grafana

-

-

Trending graph for this CVE
CVE-2023-5115An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.
CVSS 6.3Debian, et al

-

Patched

Trending graph for this CVE
CVE-2023-51127FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a specially crafted symbolic link file.
CVSS 7.5Flir

Exploit

-

Trending graph for this CVE
CVE-2023-5105The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as `wp-config.php`
CVSS 6.5Najeebmedia

Exploit

-

Trending graph for this CVE
CVE-2023-5097Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal.This issue affects Workforce Access: before 8.7.
CVSS 5.5Hypr

-

Patched

Trending graph for this CVE
CVE-2023-50916Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a UNC path via the GUI is rejected due to the use of a \ (backslash) character, which is supposed to be disallowed in a pathname. Intercepting and modifying this request via a proxy, or sending the request directly to the application endpoint, allows UNC paths to be set for the backup location. Once such a location is set, Kyocera Device Manager attempts to confirm access and will try to authenticate to the UNC path; depending on the configuration of the environment, this may authenticate to the UNC with Windows NTLM hashes. This could allow NTLM credential relaying or cracking attacks.
CVSS 7.2Kyocera

Exploit

Patched

Trending graph for this CVE
CVE-2023-50885Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AGILELOGIX Store Locator WordPress.This issue affects Store Locator WordPress: from n/a through 1.4.14.
CVSS 6.8Wordpress, et al

-

-

Trending graph for this CVE
CVE-2023-50785Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal.
CVSS 2.7Zohocorp

-

Patched

Trending graph for this CVE
CVE-2023-50731MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which leads to path injection. Later in the method, the temporary directory is deleted on line 151, but since we can write outside of the directory using the path injection vulnerability, the potentially dangerous file is not deleted. Arbitrary file contents can be written due to `f.write(chunk)` on line 125. Mindsdb does check later on line 149 in the `save_file` method in `file-controller.py` which calls the `_handle_source` method in `file_handler.py` if a file is of one of the types `csv`, `json`, `parquet`, `xls`, or `xlsx`. However, since the check happens after the file has already been written, the files will still exist (and will not be removed due to the path injection described earlier), just the `_handle_source` method will return an error. The same user-controlled source source is used also in another path injection sink on line 138. This leads to another path injection, which allows an attacker to delete any `zip` or `tar.gz` files on the server.
CVSS 9.1Mindsdb

Exploit

-

Trending graph for this CVE
CVE-2023-50449JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.
CVSS 7.5Jfinalcms project

Exploit

-

Trending graph for this CVE
CVE-2023-50265Bazarr manages and downloads subtitles. Prior to 1.3.1, the /api/swaggerui/static endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1.
CVSS 7.5Bazarr

Exploit

Patched

Trending graph for this CVE
CVE-2023-50264Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contains an arbitrary file read in /system/backup/download/ endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1.
CVSS 7.5Bazarr

Exploit

Patched

Trending graph for this CVE
CVE-2023-50255Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.
CVSS 9.3Deepin

Exploit

Patched

Trending graph for this CVE
CVE-2023-50254Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue.
CVSS 9.3Deepin

Exploit

Patched

Trending graph for this CVE
CVE-2023-50233Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific flaw exists within the getJavaExecutable method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22029.
CVSS LowInductiveautomation

Exploit

-

Trending graph for this CVE
CVE-2023-49960In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vulnerability in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter in requests to the /upload endpoint.
CVSS 7.5

-

-

Trending graph for this CVE
CVE-2023-4990Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files.
CVSS 7.5

-

-

Trending graph for this CVE
CVE-2023-49801Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the `get_pfp` and `get_banner` routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is correct. This could allow an attacker access to files they shouldn't have access to. This issue has been patched in version 1.4.0.
CVSS 7.5Lifplatforms

-

Patched

Trending graph for this CVE
CVE-2023-49793The path traversal vulnerability allows reading data on the machine of the CodeChecker server, with the same permission level as the CodeChecker server process. This allows for the exfiltration from the server-side storage medium. If the CodeChecker server is run with authentication enabled (not the default configuration), then the attack requires a valid user account on the CodeChecker server, with the permission to store to a database, and view the stored reports. CVSS 3.1 Base Score: 6.5AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Reproducible up to version 6.22.1.
CVSS 6.5Ericsson

Exploit

Patched

Trending graph for this CVE
CVE-2023-49788Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attack via modified client->server commands to overwrite files outside the sub directory the server has provided for the transient session. Files which can be accessed are limited to those that the server process has access to. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.602. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 7.2Collaboraoffice

-

Patched

Trending graph for this CVE
CVE-2023-49753Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spoonthemes Adifier System allows PHP Local File Inclusion.This issue affects Adifier System: from n/a before 3.1.4.
CVSS 7.5Spoonthemes

-

-

Trending graph for this CVE
CVE-2023-49735** UNSUPPORTED WHEN ASSIGNED ** The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles. This issue affects Apache Tiles from version 2 onwards. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 7.5Apache

-

Patched

Trending graph for this CVE
CVE-2023-49569A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootOS, which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone). Applications using BoundOS or in-memory filesystems are not affected by this issue. This is a go-git implementation issue and does not affect the upstream git cli.
CVSS 9.8Go-git project

-

Patched

Trending graph for this CVE
CVE-2023-49294Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.
CVSS 4.9Digium, et al

-

Patched

Trending graph for this CVE
CVE-2023-4914Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7.47.1.
CVSS 7.5

Exploit

Patched

Trending graph for this CVE
CVE-2023-49108Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges.
CVSS 8.8

-

-

Trending graph for this CVE
CVE-2023-49089Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0 contain a patch for this issue.
CVSS 7.7Umbraco

-

Patched

Trending graph for this CVE
CVE-2023-49058SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact to the confidentiality.
CVSS 3.5Sap

-

Patched

Trending graph for this CVE
CVE-2023-48848An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path.
CVSS 7.5Ureport project

-

Patched

Trending graph for this CVE
CVE-2023-48660 Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.
CVSS 7.5Dell

-

Patched

Trending graph for this CVE
CVE-2023-48389Multisuns EasyLog web+ has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.
CVSS 7.5Multisuns

-

-

Trending graph for this CVE
CVE-2023-48383NetVision Information airPASS has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.
CVSS 7.5Netvision

-

-

Trending graph for this CVE
CVE-2023-48382Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.
CVSS 6.5Softnext

-

-

Trending graph for this CVE
CVE-2023-48381Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.
CVSS 6.5Softnext

-

-

Trending graph for this CVE
CVE-2023-48378Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.
CVSS 7.5Softnext

-

-

Trending graph for this CVE
CVE-2023-48373ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.
CVSS 7.5Itpison

-

-

Trending graph for this CVE
CVE-2023-48299TorchServe is a tool for serving and scaling PyTorch models in production. Starting in version 0.1.0 and prior to version 0.9.0, using the model/workflow management API, there is a chance of uploading potentially harmful archives that contain files that are extracted to any location on the filesystem that is within the process permissions. Leveraging this issue could aid third-party actors in hiding harmful code in open-source/public models, which can be downloaded from the internet, and take advantage of machines running Torchserve. The ZipSlip issue in TorchServe has been fixed by validating the paths of files contained within a zip archive before extracting them. TorchServe release 0.9.0 includes fixes to address the ZipSlip vulnerability.
CVSS 5.3

-

Patched

Trending graph for this CVE
CVE-2023-48249The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users.
CVSS 6.5Bosch

-

Patched

Trending graph for this CVE
CVE-2023-48246The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
CVSS 6.5Bosch

-

Patched

Trending graph for this CVE
CVE-2023-48243The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device.
CVSS 8.8Bosch

-

Patched

Trending graph for this CVE
CVE-2023-48242The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
CVSS 6.5Bosch

-

Patched

Trending graph for this CVE
CVE-2023-48185Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.295 allows a remote attacker to obtain sensitive information via a crafted GET request.
CVSS 7.5

-

-

Trending graph for this CVE
CVE-2023-48166A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system. An unauthenticated attacker might obtain sensitive files that allow for the compromise of the underlying system.
CVSS 7.5Unify

-

Patched

Trending graph for this CVE
CVE-2023-47890An authenticated user can gain control over the underlying pyLoad server.
CVSS 8.8Pyload

Exploit

Patched

Trending graph for this CVE
CVE-2023-47843Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0.
CVSS 7.6

-

-

Trending graph for this CVE
CVE-2023-4782Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7.
CVSS MEDIUMHashicorp

-

Patched

Trending graph for this CVE
CVE-2023-47803A vulnerability regarding improper limitation of a pathname to a restricted directory ('Path Traversal') is found in the Language Settings functionality. This allows remote attackers to read specific files containing non-sensitive information via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.
CVSS 5.3Synology

-

-

Trending graph for this CVE
CVE-2023-47702IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view modify files on the system. IBM X-Force ID: 271196.
CVSS 4.3Ibm

-

Patched

Trending graph for this CVE
CVE-2023-47679Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QODE Interactive Qi Addons For Elementor allows PHP Local File Inclusion.This issue affects Qi Addons For Elementor: from n/a through 1.6.3.
CVSS 6.4Qodeinteractive

-

-

Trending graph for this CVE
CVE-2023-47624Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user (regardless of their permissions) may be able to read files from the local file system due to a path traversal in the `/hls` endpoint. This issue may lead to Information Disclosure. As of time of publication, no patches are available.
CVSS 7.5Audiobookshelf

Exploit

-

Trending graph for this CVE
CVE-2023-47613A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system.
CVSS 7.1

-

-

Trending graph for this CVE
CVE-2023-4760In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this finds a / in the path, everything before it is removed, but potentially \ (backslashes) coming further back are kept. For example, a file name such as /..\..\webapps\shell.war can be used to upload a file to a Tomcat server under Windows, which is then saved as ..\..\webapps\shell.war in its webapps directory and can then be executed.
CVSS 9.8Eclipse

Exploit

Patched

Trending graph for this CVE
CVE-2023-47541An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 and 2.3.0 through 2.3.3 and 2.2.0 through 2.2.2 and 2.1.0 through 2.1.3 and 2.0.0 through 2.0.3 allows attacker to execute unauthorized code or commands via CLI.
CVSS 6.7Fortinet

-

-

Trending graph for this CVE
CVE-2023-4748A vulnerability, which was classified as critical, has been found in Yongyou UFIDA-NC up to 20230807. This issue affects some unknown processing of the file PrintTemplateFileServlet.java. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238637 was assigned to this vulnerability.
CVSS 7.5Yonyou

Exploit

-

Trending graph for this CVE
CVE-2023-47473Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_ad0 and before allows an attacker to obtain sensitive information via a crafted script.
CVSS 7.5Fuwushe

Exploit

-

Trending graph for this CVE
CVE-2023-47467Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure.
CVSS 6.5Jeecg

-

Patched

Trending graph for this CVE
CVE-2023-47464Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function.
CVSS 8.8Gl-inet

Exploit

-

Trending graph for this CVE
CVE-2023-47440Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine.
CVSS 6.5Gladysassistant

-

Patched

Trending graph for this CVE
CVE-2023-47313Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. The application uses an API call to move the uploaded temporary file to the file directory during the file upload process. This API call receives two input parameters, such as path and localPath. The first one refers to the temporary file with an absolute path without validating it. Attackers may modify this API call by referring to arbitrary files. As a result, arbitrary files can be moved to the files directory and so they can be downloaded.
CVSS 5.4H-mdm

Exploit

-

Trending graph for this CVE
CVE-2023-47283Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system.
CVSS 4.9Cubecart

-

Patched

Trending graph for this CVE
CVE-2023-47279In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying.
CVSS 7.5Deltaww

-

-

Trending graph for this CVE
CVE-2023-47251In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically transfer malicious PDF documents by moving them into the .spool directory, and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client's filesystem.
CVSS 6.5M-privacy

Exploit

-

Trending graph for this CVE
CVE-2023-47246In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
CVSS 9.8Sysaid

Exploit

Patched

Trending graph for this CVE
CVE-2023-47222An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later
CVSS 9.6

-

-

Trending graph for this CVE
CVE-2023-47221A path traversal vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later
CVSS 5.5

-

-

Trending graph for this CVE
CVE-2023-47211A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.
CVSS 8.6Zohocorp

Exploit

Patched

Trending graph for this CVE
CVE-2023-47178Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion.This issue affects The Plus Addons for Elementor Pro: from n/a through 5.2.8.
CVSS 8.6Posimyth

-

-

Trending graph for this CVE
CVE-2023-46886Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read.
CVSS 9.1Dreamer cms project

Exploit

-

Trending graph for this CVE
CVE-2023-46864Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request.
CVSS 5.3Peppermint

Exploit

Patched

Trending graph for this CVE
CVE-2023-46863Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request.
CVSS 7.5Peppermint

Exploit

Patched

Trending graph for this CVE
CVE-2023-46784Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery.This issue affects ICS Calendar: from n/a through 10.12.0.3.
CVSS 8.2

-

-

Trending graph for this CVE
CVE-2023-46749Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default).
CVSS 6.6Apache

-

Patched

Trending graph for this CVE
CVE-2023-46690In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution.
CVSS 8.8Deltaww

-

-

Trending graph for this CVE
CVE-2023-46645A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.
CVSS 6.8Github

-

-

Trending graph for this CVE
CVE-2023-46497Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint.
CVSS 5.4Evershop

-

-

Trending graph for this CVE
CVE-2023-46496Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint.
CVSS 8.3Evershop

-

-

Trending graph for this CVE
CVE-2023-46493Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js.
CVSS 5.3Evershop

-

-

Trending graph for this CVE
CVE-2023-46455In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality.
CVSS 7.5Gl-inet

-

-

Trending graph for this CVE
CVE-2023-46346In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.
CVSS 7.5Myprestamodules

-

-

Trending graph for this CVE
CVE-2023-46307An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system.
CVSS 7.5Buddho

-

-

Trending graph for this CVE
CVE-2023-46237FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their respective paths that were visible to the Apache user group. Version 1.5.10 contains a patch for this issue.
CVSS 5.3Fogproject

-

Patched

Trending graph for this CVE
CVE-2023-46205Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows PHP Local File Inclusion.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.14.
CVSS 7.1Brainstormforce

-

-

Trending graph for this CVE
CVE-2023-46197Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.This issue affects Popup by Supsystic: from n/a through 1.10.19.
CVSS 8.8Supsystic

Exploit

-

Trending graph for this CVE
CVE-2023-46177IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536.
CVSS 6.5Ibm

-

Patched

Trending graph for this CVE
CVE-2023-4616This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the current user.
CVSS 7.5Lg

Exploit

Patched

Trending graph for this CVE
CVE-2023-4615This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the current user.
CVSS 7.5Lg

Exploit

Patched

Trending graph for this CVE