Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php.
Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi.
Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.
Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk.
Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.
IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 171510.
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later
baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue.
The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to read arbitrary files on the affected site's server which may reveal sensitive information.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vlad.olaru Fonto fonto allows Path Traversal.This issue affects Fonto: from n/a through <= 1.2.2.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Smackcoders Inc., WP Ultimate Exporter wp-ultimate-exporter allows Absolute Path Traversal.This issue affects WP Ultimate Exporter: from n/a through <= 2.9.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in pixelgrade Category Icon category-icon allows Path Traversal.This issue affects Category Icon: from n/a through <= 1.0.1.
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to bypass Cisco FMC Software security restrictions and gain access to the underlying filesystem of the affected device.
Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.
An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device's files system.
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient path validation and sanitization in the 'loadLogFile' AJAX action. This makes it possible for authenticated attackers, with Editor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information such as database credentials and authentication keys.
A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to read files from the underlying filesystem via crafted HTTP or HTTPs requests.
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the backuply_download_backup function. This makes it possible for attackers to have an account with only activate_plugins capability to access arbitrary files on the server, which can contain sensitive information. This only impacts sites hosted on Windows servers.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wow-Company Woocommerce – Recent Purchases allows PHP Local File Inclusion.This issue affects Woocommerce – Recent Purchases: from n/a through 1.0.1.
Multiple vulnerabilities exist in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device.
Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file.
Path Traversal: '.../...//' vulnerability in axelkeller GPX Viewer gpx-viewer allows Path Traversal.This issue affects GPX Viewer: from n/a through <= 2.2.11.
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 7.0.1 via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. This is limited to Windows instances.
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary log files on the server, which can contain sensitive information.
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.32 via the database_backup_ajax_download() function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RealMag777 WOLF bulk-editor allows Path Traversal.This issue affects WOLF: from n/a through <= 1.0.8.5.
Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575.
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information.
Ombi is an open source application which allows users to request specific media from popular self-hosted streaming servers. Versions prior to 4.38.2 contain an arbitrary file read vulnerability where an Ombi administrative user may access files available to the Ombi server process on the host operating system. Ombi administrators may not always be local system administrators and so this may violate the security expectations of the system. The arbitrary file read vulnerability was present in `ReadLogFile` and `Download` endpoints in `SystemControllers.cs` as the parameter `logFileName` is not sanitized before being combined with the `Logs` directory. When using `Path.Combine(arg1, arg2, arg3)`, an attacker may be able to escape to folders/files outside of `Path.Combine(arg1, arg2)` by using ".." in `arg3`. In addition, by specifying an absolute path for `arg3`, `Path.Combine` will completely ignore the first two arguments and just return just `arg3`. This vulnerability can lead to information disclosure. The Ombi `documentation` suggests running Ombi as a Service with Administrator privileges. An attacker targeting such an application may be able to read the files of any Windows user on the host machine and certain system files. This issue has been addressed in commit `b8a8f029` and in release version 4.38.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GHSL-2023-088.
A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the `/admin/misc/script-proxy` API endpoint that is accessible by an authenticated administrator user is vulnerable to arbitrary JavaScript and CSS file read via the `scriptPath` and `scripts` parameters. The `scriptPath` parameter is not sanitized properly and is vulnerable to path traversal attack. Any JavaScript/CSS file from the application server can be read by specifying sufficient number of `../` patterns to go out from the application webroot followed by path of the folder where the file is located in the "scriptPath" parameter and the file name in the "scripts" parameter. The JavaScript file is successfully read only if the web application has read access to it. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manual.
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in gioni Plugin Inspector plugin-inspector allows Path Traversal.This issue affects Plugin Inspector: from n/a through <= 1.5.
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system.
flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the `LESS` parser which can be exploited to read sensitive files on the server through the use of path traversal techniques. An attacker can achieve this by providing an absolute path to a sensitive file in the custom `LESS` setting, which the `LESS` parser will then read. For example, an attacker could use the following code to read the contents of the `/etc/passwd` file on a linux machine. The scope of what files are vulnerable will depend on the permissions given to the running flarum process. The vulnerability has been addressed in version `1.7`. Users should upgrade to this version to mitigate the vulnerability. Users unable to upgrade may mitigate the vulnerability by ensuring that their admin accounts are secured with strong passwords and follow other best practices for account security. Additionally, users can limit the exposure of sensitive files on the server by implementing appropriate file permissions and access controls at the operating system level.
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later
Autolab is a course management service that enables instructors to offer autograded programming assignments to their students over the Web. Path traversal vulnerabilities were discovered in Autolab's assessment functionality in versions of Autolab prior to 2.12.0, whereby instructors can perform arbitrary file reads. Version 2.12.0 contains a patch. There are no feasible workarounds for this issue.
A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive data, potentially compromising the integrity and security of the entire system.
A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: QuFirewall 2.4.1 ( 2024/02/01 ) and later
A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: QuFirewall 2.4.1 ( 2024/02/01 ) and later