Common Weakness Enumeration

CWE-24

Allowed

Path Traversal: '../filedir'

Abstraction: Variant · Status: Incomplete

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.

187 vulnerabilities reference this CWE, most recent first.

GHSA-GF8F-27QX-3PHV

Vulnerability from github – Published: 2024-01-09 21:30 – Updated: 2024-01-09 21:30
VLAI
Details

A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /app/api/controller/default/File.php of the component GET Request Handler. The manipulation of the argument path leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The identifier VDB-250109 was assigned to this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-0341"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-24"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-09T19:15:11Z",
    "severity": "LOW"
  },
  "details": "A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /app/api/controller/default/File.php of the component GET Request Handler. The manipulation of the argument path leads to path traversal: \u0027../filedir\u0027. The exploit has been disclosed to the public and may be used. The identifier VDB-250109 was assigned to this vulnerability.",
  "id": "GHSA-gf8f-27qx-3phv",
  "modified": "2024-01-09T21:30:35Z",
  "published": "2024-01-09T21:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0341"
    },
    {
      "type": "WEB",
      "url": "https://note.zhaoj.in/share/VYx8H9u8gyHw"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.250109"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.250109"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H4H6-V7J3-3GH5

Vulnerability from github – Published: 2023-05-18 03:30 – Updated: 2023-05-18 03:30
VLAI
Details

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20166"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-24"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-18T03:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
  "id": "GHSA-h4h6-v7j3-3gh5",
  "modified": "2023-05-18T03:30:21Z",
  "published": "2023-05-18T03:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20166"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H693-9MJ7-PCJ4

Vulnerability from github – Published: 2025-10-30 21:30 – Updated: 2025-10-30 21:30
VLAI
Details

A path traversal vulnerability was identified in SourceCodester Pet Grooming Management System 1.0, affecting the admin/manage_website.php component. An authenticated user with administrative privileges can leverage this flaw by submitting a specially crafted POST request, enabling the deletion of arbitrary files on the web server or underlying operating system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-63298"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-24"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-30T19:16:35Z",
    "severity": "HIGH"
  },
  "details": "A path traversal vulnerability was identified in SourceCodester Pet Grooming Management System 1.0, affecting the admin/manage_website.php component. An authenticated user with administrative privileges can leverage this flaw by submitting a specially crafted POST request, enabling the deletion of arbitrary files on the web server or underlying operating system.",
  "id": "GHSA-h693-9mj7-pcj4",
  "modified": "2025-10-30T21:30:46Z",
  "published": "2025-10-30T21:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63298"
    },
    {
      "type": "WEB",
      "url": "https://github.com/z3rObyte/CVE-2025-63298"
    },
    {
      "type": "WEB",
      "url": "https://www.sourcecodester.com/sites/default/files/download/mayuri_k/petgrooming_erp.zip"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H6H4-9666-MQ74

Vulnerability from github – Published: 2023-01-02 09:31 – Updated: 2023-01-09 18:30
VLAI
Details

A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipulation with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The name of the patch is 0d20362af0a5f8a126f67c77833868908484a863. It is recommended to apply a patch to fix this issue. VDB-217178 is the identifier assigned to this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-125033"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-24"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-02T08:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipulation with the input ../../../etc/passwd leads to path traversal: \u0027../filedir\u0027. The exploit has been disclosed to the public and may be used. The name of the patch is 0d20362af0a5f8a126f67c77833868908484a863. It is recommended to apply a patch to fix this issue. VDB-217178 is the identifier assigned to this vulnerability.",
  "id": "GHSA-h6h4-9666-mq74",
  "modified": "2023-01-09T18:30:18Z",
  "published": "2023-01-02T09:31:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-125033"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bertrand-caron/rails-cv-app/commit/0d20362af0a5f8a126f67c77833868908484a863"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.217178"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.217178"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H7J4-HJMC-GJ46

Vulnerability from github – Published: 2024-01-25 21:32 – Updated: 2024-01-25 21:32
VLAI
Details

A vulnerability was found in qwdigital LinkWechat 5.1.0. It has been classified as problematic. This affects an unknown part of the file /linkwechat-api/common/download/resource of the component Universal Download Interface. The manipulation of the argument name with the input /profile/../../../../../etc/passwd leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252033 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-0882"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-24"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-25T19:15:08Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in qwdigital LinkWechat 5.1.0. It has been classified as problematic. This affects an unknown part of the file /linkwechat-api/common/download/resource of the component Universal Download Interface. The manipulation of the argument name with the input /profile/../../../../../etc/passwd leads to path traversal: \u0027../filedir\u0027. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252033 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-h7j4-hjmc-gj46",
  "modified": "2024-01-25T21:32:14Z",
  "published": "2024-01-25T21:32:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0882"
    },
    {
      "type": "WEB",
      "url": "https://github.com/biantaibao/LinkWechat-Scrm_arbitrary-file-download-vulnerability/blob/main/report.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.252033"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.252033"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HGX4-V6HR-X7QW

Vulnerability from github – Published: 2024-01-29 03:30 – Updated: 2024-01-29 03:30
VLAI
Details

A vulnerability, which was classified as problematic, has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this issue is the function del_sn_db of the file /application/index/controller/Service.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-252254 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-0989"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-24"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-29T01:15:07Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as problematic, has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this issue is the function del_sn_db of the file /application/index/controller/Service.php. The manipulation of the argument file leads to path traversal: \u0027../filedir\u0027. The exploit has been disclosed to the public and may be used. VDB-252254 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-hgx4-v6hr-x7qw",
  "modified": "2024-01-29T03:30:18Z",
  "published": "2024-01-29T03:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0989"
    },
    {
      "type": "WEB",
      "url": "https://note.zhaoj.in/share/XKxaJTphW6PB"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.252254"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.252254"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J346-P98P-CW8V

Vulnerability from github – Published: 2023-05-18 03:30 – Updated: 2023-05-18 03:30
VLAI
Details

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20167"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-24"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-18T03:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
  "id": "GHSA-j346-p98p-cw8v",
  "modified": "2023-05-18T03:30:21Z",
  "published": "2023-05-18T03:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20167"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J893-M93W-JWJW

Vulnerability from github – Published: 2026-01-07 18:30 – Updated: 2026-01-08 17:18
VLAI
Summary
fast-filesystem-mcp has a Path Traversal vulnerability
Details

fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fast_read_file. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. The safePath and isPathAllowed functions use path.resolve() which does not handle symlinks, allowing attackers to bypass directory access restrictions by creating symlinks within allowed directories that point to restricted system paths. When these symlinks are accessed through valid path references, the validation checks are circumvented, enabling access to unauthorized files.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "fast-filesystem-mcp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "3.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-67364"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-24"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-08T17:18:26Z",
    "nvd_published_at": "2026-01-07T17:16:01Z",
    "severity": "HIGH"
  },
  "details": "fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fast_read_file. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. The safePath and isPathAllowed functions use path.resolve() which does not handle symlinks, allowing attackers to bypass directory access restrictions by creating symlinks within allowed directories that point to restricted system paths. When these symlinks are accessed through valid path references, the validation checks are circumvented, enabling access to unauthorized files.",
  "id": "GHSA-j893-m93w-jwjw",
  "modified": "2026-01-08T17:18:26Z",
  "published": "2026-01-07T18:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67364"
    },
    {
      "type": "WEB",
      "url": "https://github.com/efforthye/fast-filesystem-mcp/issues/10"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/efforthye/fast-filesystem-mcp"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "fast-filesystem-mcp has a Path Traversal vulnerability"
}

GHSA-M2F8-W9Q8-GVJ5

Vulnerability from github – Published: 2026-06-18 15:32 – Updated: 2026-06-18 15:32
VLAI
Details

A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-44942"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-24"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-18T14:17:25Z",
    "severity": "MODERATE"
  },
  "details": "A path traversal in handling the \"path\" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.",
  "id": "GHSA-m2f8-w9q8-gvj5",
  "modified": "2026-06-18T15:32:02Z",
  "published": "2026-06-18T15:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44942"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1267874"
    },
    {
      "type": "WEB",
      "url": "https://www.suse.com/security/cve/CVE-2026-44942.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M8Q3-732G-G5MM

Vulnerability from github – Published: 2025-10-22 06:31 – Updated: 2025-10-22 06:31
VLAI
Details

Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory traversal, as exploited in the wild in 2024 and 2025.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53691"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-24"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-22T04:15:51Z",
    "severity": "HIGH"
  },
  "details": "Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory traversal, as exploited in the wild in 2024 and 2025.",
  "id": "GHSA-m8q3-732g-g5mm",
  "modified": "2025-10-22T06:31:11Z",
  "published": "2025-10-22T06:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53691"
    },
    {
      "type": "WEB",
      "url": "https://zhuanlan.zhihu.com/p/639514473"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5.1
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
  • Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation MIT-20
Implementation

Strategy: Input Validation

Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

No CAPEC attack patterns related to this CWE.