Common Weakness Enumeration

CWE-27

Allowed

Path Traversal: 'dir/../../filename'

Abstraction: Variant · Status: Draft

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal "../" sequences that can resolve to a location that is outside of that directory.

37 vulnerabilities reference this CWE, most recent first.

GHSA-9C5F-CJMG-7RFH

Vulnerability from github – Published: 2025-08-05 21:31 – Updated: 2025-08-05 21:31
VLAI
Details

An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-52237"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-27"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-05T21:15:38Z",
    "severity": "MODERATE"
  },
  "details": "An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal.",
  "id": "GHSA-9c5f-cjmg-7rfh",
  "modified": "2025-08-05T21:31:38Z",
  "published": "2025-08-05T21:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52237"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/CTRLCCT/c9b5aab78a179a2d92a41889a588c933"
    },
    {
      "type": "WEB",
      "url": "http://sscms.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9Q7W-X98H-Q5CW

Vulnerability from github – Published: 2025-09-25 12:31 – Updated: 2026-06-05 12:31
VLAI
Details

Path Traversal: 'dir/../../filename' vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry Trade Inc. Yordam Katalog allows Path Traversal.This issue affects Yordam Katalog: before 21.7.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10438"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-27"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-25T10:15:29Z",
    "severity": "HIGH"
  },
  "details": "Path Traversal: \u0027dir/../../filename\u0027 vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry Trade Inc. Yordam Katalog allows Path Traversal.This issue affects Yordam Katalog: before 21.7.",
  "id": "GHSA-9q7w-x98h-q5cw",
  "modified": "2026-06-05T12:31:43Z",
  "published": "2025-09-25T12:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10438"
    },
    {
      "type": "WEB",
      "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0296"
    },
    {
      "type": "WEB",
      "url": "https://www.usom.gov.tr/bildirim/tr-25-0296"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CCCM-3VQ5-CXQG

Vulnerability from github – Published: 2024-08-05 00:30 – Updated: 2024-08-05 00:30
VLAI
Details

A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. This issue affects some unknown processing of the file /api/deploy/upload /api/database/upload of the component Database Management/Deployment Management. The manipulation of the argument file leads to path traversal: 'dir/../../filename'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273551.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-7458"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-27"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-04T22:15:50Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. This issue affects some unknown processing of the file /api/deploy/upload /api/database/upload of the component Database Management/Deployment Management. The manipulation of the argument file leads to path traversal: \u0027dir/../../filename\u0027. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273551.",
  "id": "GHSA-cccm-3vq5-cxqg",
  "modified": "2024-08-05T00:30:51Z",
  "published": "2024-08-05T00:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7458"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elunez/eladmin/issues/851"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.273551"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.273551"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.380498"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-F8R6-6222-9PVC

Vulnerability from github – Published: 2026-01-05 09:30 – Updated: 2026-01-05 19:57
VLAI
Summary
Apache Kyuubi Server vulnerable to Path Traversal
Details

Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config.

This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2.

Users are recommended to upgrade to version 1.10.3 or upper, which fixes the issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.kyuubi:kyuubi-server_2.12"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.6.0"
            },
            {
              "fixed": "1.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-66518"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-27"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-05T19:57:06Z",
    "nvd_published_at": "2026-01-05T09:15:54Z",
    "severity": "HIGH"
  },
  "details": "Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config.\n\nThis issue affects Apache Kyuubi: from 1.6.0 through 1.10.2.\n\nUsers are recommended to upgrade to version 1.10.3 or upper, which fixes the issue.",
  "id": "GHSA-f8r6-6222-9pvc",
  "modified": "2026-01-05T19:57:06Z",
  "published": "2026-01-05T09:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66518"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/kyuubi"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/xp460bwbyzdhho34ljd4nchyt2fmhodl"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/01/05/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Apache Kyuubi Server vulnerable to Path Traversal"
}

GHSA-M7Q5-X69W-QC6V

Vulnerability from github – Published: 2024-04-03 18:30 – Updated: 2024-04-03 18:30
VLAI
Details

A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files.

This vulnerability is due to an unauthenticated provisioning web server. An attacker could exploit this vulnerability through direct web requests to the provisioning server. A successful exploit could allow the attacker to read sensitive files in the PnP container that could facilitate further attacks on the PnP infrastructure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20348"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-27"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-03T17:15:49Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files.\n\n This vulnerability is due to an unauthenticated provisioning web server. An attacker could exploit this vulnerability through direct web requests to the provisioning server. A successful exploit could allow the attacker to read sensitive files in the PnP container that could facilitate further attacks on the PnP infrastructure.",
  "id": "GHSA-m7q5-x69w-qc6v",
  "modified": "2024-04-03T18:30:41Z",
  "published": "2024-04-03T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20348"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-dir-trav-SSn3AYDw"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RV3W-PHWQ-Q4X7

Vulnerability from github – Published: 2025-10-11 09:30 – Updated: 2025-10-16 15:30
VLAI
Details

Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-58292"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-27"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-11T09:15:34Z",
    "severity": "LOW"
  },
  "details": "Denial of service (DoS) vulnerability in the office service.\u00a0Successful exploitation of this vulnerability may affect availability.",
  "id": "GHSA-rv3w-phwq-q4x7",
  "modified": "2025-10-16T15:30:27Z",
  "published": "2025-10-11T09:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58292"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2025/10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WGVC-4HPW-3247

Vulnerability from github – Published: 2024-02-22 18:30 – Updated: 2024-08-20 00:32
VLAI
Details

cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-25828"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-27"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-22T16:15:54Z",
    "severity": "MODERATE"
  },
  "details": "cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php.",
  "id": "GHSA-wgvc-4hpw-3247",
  "modified": "2024-08-20T00:32:56Z",
  "published": "2024-02-22T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25828"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sec-Kode/cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5.1
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
  • Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation MIT-20
Implementation

Strategy: Input Validation

Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

No CAPEC attack patterns related to this CWE.