Total: 7723 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30427 | 1 Ginadmin Project | 1 Ginadmin | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal. | |||||
| CVE-2022-30321 | 1 Hashicorp | 1 Go-getter | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
| go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and 2.1.0. | |||||
| CVE-2022-30302 | 1 Fortinet | 1 Fortideceptor | 2024-11-21 | N/A | 6.5 MEDIUM |
| Multiple relative path traversal vulnerabilities [CWE-23] in FortiDeceptor management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may allow a remote and authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests. | |||||
| CVE-2022-30301 | 1 Fortinet | 1 Fortiap-u | 2024-11-21 | N/A | 7.8 HIGH |
| A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6 may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands. | |||||
| CVE-2022-30300 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | N/A | 6.5 MEDIUM |
| A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 all versions may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests. | |||||
| CVE-2022-30299 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | N/A | 5.3 MEDIUM |
| A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated attacker to retrieve specific parts of files from the underlying file system via specially crafted web requests. | |||||
| CVE-2022-30117 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn’t allow traversal and by changing isFullChunkFilePresent to have an early false return when input doesn't match expectations. Concrete CMS Security team ranked this 5.8 with CVSS v3.1 vector AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H. Credit to Siebene for reporting. | |||||
| CVE-2022-30062 | 1 Ftcms | 1 Ftcms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read via tp.php. | |||||
| CVE-2022-30061 | 1 Ftcms | 1 Ftcms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| ftcms <=2.1 was discovered to be vulnerable to directory traversal attacks via the parameter tp. | |||||
| CVE-2022-30059 | 1 Shopwind | 1 Shopwind | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| Shopwind <=v3.4.2 was discovered to contain an Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php. | |||||
| CVE-2022-30058 | 1 Shopwind | 1 Shopwind | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Shopwind <=v3.4.2 was discovered to contain an Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php. | |||||
| CVE-2022-2969 | 1 Deltaww | 1 Dialink | 2024-11-21 | N/A | 8.1 HIGH |
| Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 use an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname, which can cause the pathname to resolve to a location outside of the restricted directory. | |||||
| CVE-2022-2945 | 1 Connekthq | 1 Ajax Load More | 2024-11-21 | N/A | 4.9 MEDIUM |
| The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.5.3 via the 'type' parameter found in the alm_get_layout() function. This makes it possible for authenticated attackers, with administrative permissions, to read the contents of arbitrary files on the server, which can contain sensitive information. | |||||
| CVE-2022-2922 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | N/A | 4.9 MEDIUM |
| Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. | |||||
| CVE-2022-2893 | 1 Ronds | 1 Equipment Predictive Maintenance | 2024-11-21 | N/A | 8.2 HIGH |
| RONDS EPM version 1.19.5 does not properly validate the filename parameter, which could allow an unauthorized user to specify file paths and download files. | |||||
| CVE-2022-2863 | 1 Wpvivid | 1 Migration, Backup, Staging | 2024-11-21 | N/A | 4.9 MEDIUM |
| The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack. | |||||
| CVE-2022-2788 | 1 Emerson | 1 Electric's Proficy | 2024-11-21 | N/A | 3.9 LOW |
| Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering station onto Windows in a way that executes the malicious code. | |||||
| CVE-2022-2712 | 1 Eclipse | 1 Glassfish | 2024-11-21 | N/A | 6.5 MEDIUM |
| In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a relative path traversal vulnerability because it does not filter request paths starting with './'. Successful exploitation could allow a remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code. | |||||
| CVE-2022-2653 | 1 Planka | 1 Planka | 2024-11-21 | N/A | 6.5 MEDIUM |
| With this vulnerability an attacker can read many sensitive files, such as configuration files or the /proc/self/environ file, which contains the environment variables used by the web server, including database credentials. If the web server user is root, an attacker will be able to read any file in the system. | |||||
| CVE-2022-2557 | 1 Radiustheme | 1 Team - Wordpress Team Members Showcase | 2024-11-21 | N/A | 8.8 HIGH |
| The Team WordPress plugin before 4.1.2 contains a file which could allow any authenticated user to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is returned to the user. | |||||
