CWE-23 - Relative Path Traversal

Description

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory. The attacker may be able to overwrite or create, delete, corrupt critical files, such as programs, libraries, or important data. The weakness is introduced during Implementation stage.

Latest vulnerabilities for CWE-23

Multiple vulnerabilities in LCDS LAquis SCADA 2019-01-16
High Yes

Multiple vulnerabilities in Emerson DeltaV DCS Workstations 2018-08-17
Medium Yes

Multiple vulnerabilities in Siemens Automation License Manager 2018-08-15
High Yes

Multiple vulnerabilities in Rockwell Automation Allen-Bradley Stratix 5950 2018-07-04
Medium Yes

Denial of service in Cisco Adaptive Security Appliance Web Services 2018-06-08
Medium Yes

Multiple vulnerabilities in GE MDS PulseNET and MDS PulseNET Enterprise 2018-06-01
High Yes

Multiple vulnerabilities in LOYTEC LVIS-3ME 2017-09-15
High Yes

Information disclosure in ABB SREA-01 and SREA-50 2017-08-10
Low Yes

Multiple vulnerabilities in Cisco Ultra Services Framework 2017-06-08
Low Yes

References

Description of CWE-23 on Mitre website