Common Weakness Enumeration

CWE-610

Discouraged

Externally Controlled Reference to a Resource in Another Sphere

Abstraction: Class · Status: Draft

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

278 vulnerabilities reference this CWE, most recent first.

GHSA-3Q5H-R4QP-QQCG

Vulnerability from github – Published: 2023-11-30 06:33 – Updated: 2023-11-30 06:33
VLAI
Details

Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-5247"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-73"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-30T04:15:07Z",
    "severity": "HIGH"
  },
  "details": "Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition.",
  "id": "GHSA-3q5h-r4qp-qqcg",
  "modified": "2023-11-30T06:33:24Z",
  "published": "2023-11-30T06:33:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5247"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/vu/JVNVU93383160"
    },
    {
      "type": "WEB",
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-016_en.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3Q5R-87HX-PV77

Vulnerability from github – Published: 2023-10-04 21:30 – Updated: 2023-10-04 21:30
VLAI
Details

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29051.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-44209"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-04T20:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29051.",
  "id": "GHSA-3q5r-87hx-pv77",
  "modified": "2023-10-04T21:30:22Z",
  "published": "2023-10-04T21:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44209"
    },
    {
      "type": "WEB",
      "url": "https://security-advisory.acronis.com/advisories/SEC-2119"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3X6X-HP89-VCMQ

Vulnerability from github – Published: 2026-03-06 00:31 – Updated: 2026-03-06 00:31
VLAI
Details

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-28721"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-06T00:16:13Z",
    "severity": "HIGH"
  },
  "details": "Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.",
  "id": "GHSA-3x6x-hp89-vcmq",
  "modified": "2026-03-06T00:31:35Z",
  "published": "2026-03-06T00:31:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28721"
    },
    {
      "type": "WEB",
      "url": "https://security-advisory.acronis.com/advisories/SEC-8445"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4377-HQ3V-HGQH

Vulnerability from github – Published: 2022-12-20 21:30 – Updated: 2022-12-20 21:30
VLAI
Details

In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-220733496

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20515"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-16T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-220733496",
  "id": "GHSA-4377-hq3v-hgqh",
  "modified": "2022-12-20T21:30:18Z",
  "published": "2022-12-20T21:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20515"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2022-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-448F-WW7H-5M58

Vulnerability from github – Published: 2022-08-29 20:06 – Updated: 2022-09-02 00:01
VLAI
Details

The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary file from the server

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2638"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-73"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-29T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary file from the server",
  "id": "GHSA-448f-ww7h-5m58",
  "modified": "2022-09-02T00:01:02Z",
  "published": "2022-08-29T20:06:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2638"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/70840a72-ccdc-4eee-9ad2-874809e5de11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-45CG-2683-GFMQ

Vulnerability from github – Published: 2026-03-03 21:37 – Updated: 2026-03-19 22:19
VLAI
Summary
OpenClaw browser navigation guard allowed non-network URL schemes, enabling authenticated browser-tool users to access file:// local files
Details

Impact

assertBrowserNavigationAllowed() validated only http:/https: network targets but implicitly allowed other schemes. An authenticated gateway user could navigate browser sessions to file:// URLs and read local files via browser snapshot/extraction flows.

Affected Component

  • src/browser/navigation-guard.ts

Technical Reproduction

  1. Authenticate to a gateway that has browser tooling enabled.
  2. Invoke browser navigation with a file:// URL (for example file:///etc/passwd).
  3. Read page content through browser snapshot/extract actions.

Demonstrated Impact

An attacker with valid gateway credentials and browser-tool access can exfiltrate local files readable by the OpenClaw process user (for example config/secrets in that user context).

Environment

  • OpenClaw browser tool enabled
  • Attacker has authenticated access capable of invoking browser actions

Remediation Advice

Reject unsupported navigation schemes and allow only explicitly safe non-network URLs. OpenClaw now blocks non-network schemes (such as file:, data:, and javascript:) while preserving about:blank.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected versions: <= 2026.2.19-2
  • Patched in planned next release: 2026.2.21

Fix Commit(s)

  • 220bd95eff6838234e8b4b711f86d4565e16e401

Release Process Note

patched_versions is pre-set to the planned next release (2026.2.21) so once npm 2026.2.21 is published, the advisory can be published directly.

OpenClaw thanks @q1uf3ng for reporting.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-32008"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-03T21:37:59Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Impact\n\n`assertBrowserNavigationAllowed()` validated only `http:`/`https:` network targets but implicitly allowed other schemes. An authenticated gateway user could navigate browser sessions to `file://` URLs and read local files via browser snapshot/extraction flows.\n\n## Affected Component\n\n- `src/browser/navigation-guard.ts`\n\n## Technical Reproduction\n\n1. Authenticate to a gateway that has browser tooling enabled.\n2. Invoke browser navigation with a `file://` URL (for example `file:///etc/passwd`).\n3. Read page content through browser snapshot/extract actions.\n\n## Demonstrated Impact\n\nAn attacker with valid gateway credentials and browser-tool access can exfiltrate local files readable by the OpenClaw process user (for example config/secrets in that user context).\n\n## Environment\n\n- OpenClaw browser tool enabled\n- Attacker has authenticated access capable of invoking browser actions\n\n## Remediation Advice\n\nReject unsupported navigation schemes and allow only explicitly safe non-network URLs. OpenClaw now blocks non-network schemes (such as `file:`, `data:`, and `javascript:`) while preserving `about:blank`.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `\u003c= 2026.2.19-2`\n- Patched in planned next release: `2026.2.21`\n\n## Fix Commit(s)\n\n- `220bd95eff6838234e8b4b711f86d4565e16e401`\n\n## Release Process Note\n\n`patched_versions` is pre-set to the planned next release (`2026.2.21`) so once npm `2026.2.21` is published, the advisory can be published directly.\n\nOpenClaw thanks @q1uf3ng for reporting.",
  "id": "GHSA-45cg-2683-gfmq",
  "modified": "2026-03-19T22:19:19Z",
  "published": "2026-03-03T21:37:59Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-45cg-2683-gfmq"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/220bd95eff6838234e8b4b711f86d4565e16e401"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenClaw browser navigation guard allowed non-network URL schemes, enabling authenticated browser-tool users to access file:// local files"
}

GHSA-4662-9QVH-XXM7

Vulnerability from github – Published: 2021-12-09 00:00 – Updated: 2023-08-08 15:31
VLAI
Details

A unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to access protected hosts via crafted HTTP requests.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-36190"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-08T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A unintended proxy or intermediary (\u0027confused deputy\u0027) in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to access protected hosts via crafted HTTP requests.",
  "id": "GHSA-4662-9qvh-xxm7",
  "modified": "2023-08-08T15:31:24Z",
  "published": "2021-12-09T00:00:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36190"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/advisory/FG-IR-21-123"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4883-9GWJ-77MJ

Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-05-24 17:30
VLAI
Details

An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-6105"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-15T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.",
  "id": "GHSA-4883-9gwj-77mj",
  "modified": "2022-05-24T17:30:45Z",
  "published": "2022-05-24T17:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6105"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202101-26"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1047"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-49JR-333R-MQW3

Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:30
VLAI
Details

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s application pool.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-42733"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-73"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-17T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in syngo Dynamics (All versions \u003c VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website\u2019s application pool.",
  "id": "GHSA-49jr-333r-mqw3",
  "modified": "2024-04-04T05:30:21Z",
  "published": "2023-07-06T19:24:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42733"
    },
    {
      "type": "WEB",
      "url": "https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-741697"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4CJP-GF5V-8843

Vulnerability from github – Published: 2025-07-09 06:30 – Updated: 2025-07-11 21:31
VLAI
Details

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-6691"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-73"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-09T06:15:23Z",
    "severity": "HIGH"
  },
  "details": "The SureForms \u2013 Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).",
  "id": "GHSA-4cjp-gf5v-8843",
  "modified": "2025-07-11T21:31:03Z",
  "published": "2025-07-09T06:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6691"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/sureforms/trunk/admin/views/entries-list-table.php#L661"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3319753%40sureforms\u0026new=3319753%40sureforms\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "type": "WEB",
      "url": "https://wordpress.org/plugins/sureforms"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4658546-bf57-414b-a3c9-bf7a5692c5fe?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-219: XML Routing Detour Attacks

An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.