Cwe 22

Explanation

CWE-22は「ファイル名のパスをユーザー入力から組み立てるとき、`../` のような相対パス記号をきちんと無害化せず、本来アクセスできないファイルを読み書きされてしまう欠陥」のことです。ファイルダウンロード機能・画像表示機能・テンプレート機能でよく見られます。対策は「絶対パスへの正規化 + 許可されたディレクトリ内かのチェック」、または「ファイル名にIDのみを使い、パス記号を一切使わない設計」。

📌 Example

CVE-2024-57726 (SimpleHelp): zipファイル展開時のZip Slip攻撃で、サーバー上の任意の場所にファイル書き込みされる脆弱性。CISA KEV入り。

🛡 Vulnerabilities tagged with this 98

ID	Title	Severity	Detected
CVE-2025-6218 KEV	[KEV] Path Traversal in Rarlab winrar (CVE-2025-6218)	High	5 months ago
CVE-2021-43798 KEV	[KEV] Path Traversal in Grafana labs grafana-labs (CVE-2021-43798)	High	7 months ago
CVE-2019-5418 KEV	[KEV] Path Traversal in rails (CVE-2019-5418)	High	10 months ago
CVE-2024-0769 KEV	[KEV] Path Traversal in D-link dir-859-router (CVE-2024-0769)	High	10 months ago
CVE-2025-4632 KEV	[KEV] Path Traversal in Samsung magicinfo-9-server (CVE-2025-4632)	High	11 months ago
CVE-2023-38950 KEV	[KEV] Path Traversal in Zkteco biotime (CVE-2023-38950)	High	11 months ago
CVE-2025-27920 KEV	[KEV] Path Traversal in Srimax output-messenger (CVE-2025-27920)	High	11 months ago
CVE-2025-34028 KEV	[KEV] Path Traversal in Commvault command-center (CVE-2025-34028)	High	1 year ago
CVE-2017-12637 KEV	[KEV] Path Traversal in Sap netweaver (CVE-2017-12637)	High	1 year ago
CVE-2024-4885 KEV	[KEV] Path Traversal in Progress whatsup-gold (CVE-2024-4885)	High	1 year ago
CVE-2024-57727 KEV	[KEV] Path Traversal in simplehelp (CVE-2024-57727)	High	1 year ago
CVE-2024-41713 KEV	[KEV] Path Traversal in Mitel micollab (CVE-2024-41713)	High	1 year ago
CVE-2024-55550 KEV	[KEV] Path Traversal in Mitel micollab (CVE-2024-55550)	High	1 year ago
CVE-2024-11667 KEV	[KEV] Path Traversal in Zyxel multiple-firewalls (CVE-2024-11667)	High	1 year ago
CVE-2021-26086 KEV	[KEV] Path Traversal in Atlassian jira-server-and-data-center (CVE-2021-26086)	High	1 year ago
CVE-2019-16278 KEV	[KEV] Path Traversal in Nostromo nhttpd (CVE-2019-16278)	High	1 year ago
CVE-2024-8963 KEV	[KEV] Path Traversal in Ivanti cloud-services-appliance-csa (CVE-2024-8963)	High	1 year ago
CVE-2021-20124 KEV	[KEV] Path Traversal in Draytek vigorconnect (CVE-2021-20124)	High	1 year ago
CVE-2021-20123 KEV	[KEV] Path Traversal in Draytek vigorconnect (CVE-2021-20123)	High	1 year ago
CVE-2024-7262 KEV	[KEV] Path Traversal in Kingsoft wps-office (CVE-2024-7262)	High	1 year ago
CVE-2024-32113 KEV	[KEV] Path Traversal in Apache ofbiz (CVE-2024-32113)	High	1 year ago
CVE-2024-28995 KEV	[KEV] Path Traversal in Solarwinds serv-u (CVE-2024-28995)	High	1 year ago
CVE-2023-47246 KEV	[KEV] Path Traversal in sysaid (CVE-2023-47246)	High	2 years ago
CVE-2023-32315 KEV	[KEV] Path Traversal in Ignite realtime ignite-realtime (CVE-2023-32315)	High	2 years ago
CVE-2023-35081 KEV	[KEV] Path Traversal in Ivanti endpoint-manager-mobile-epmm (CVE-2023-35081)	High	2 years ago
CVE-2022-41328 KEV	[KEV] Path Traversal in Fortinet fortios (CVE-2022-41328)	High	3 years ago
CVE-2018-5430 KEV	[KEV] Path Traversal in Tibco jasperreports (CVE-2018-5430)	High	3 years ago
CVE-2018-18809 KEV	[KEV] Path Traversal in Tibco jasperreports (CVE-2018-18809)	High	3 years ago
CVE-2022-26500 KEV	[KEV] Path Traversal in Veeam backup-replication (CVE-2022-26500)	High	3 years ago
CVE-2022-41352 KEV	[KEV] Path Traversal in Synacor zimbra-collaboration-suite-zcs (CVE-2022-41352)	High	3 years ago

Title