Cwe 22

🧬 CWE Related 96
slug: cwe-22

Explanation

CWE-22は「ファイル名のパスをユーザー入力から組み立てるとき、`../` のような相対パス記号をきちんと無害化せず、本来アクセスできないファイルを読み書きされてしまう欠陥」のことです。 ファイルダウンロード機能・画像表示機能・テンプレート機能でよく見られます。 対策は「絶対パスへの正規化 + 許可されたディレクトリ内かのチェック」、または「ファイル名にIDのみを使い、パス記号を一切使わない設計」。
📌 Example
CVE-2024-57726 (SimpleHelp): zipファイル展開時のZip Slip攻撃で、サーバー上の任意の場所にファイル書き込みされる脆弱性。CISA KEV入り。

🔖 Related tags

🛡 Vulnerabilities tagged with this 1,035

ID Title
CVE-2025-60969 Path Traversal in path-traversal (CVE-2025-60969)
CVE-2025-10449 Path Traversal in path-traversal (CVE-2025-10449)
CVE-2025-10468 Path Traversal in path-traversal (CVE-2025-10468)
CVE-2025-9566 Path Traversal in github.com/containers/podman/v5 (CVE-2025-9566)
CVE-2025-7039 Path Traversal in path-traversal (CVE-2025-7039)
CVE-2024-55401 An issue in 4C Strategies Exonaut before v22.4 allows attackers to execute a directory traversal.
CVE-2012-10024 Path Traversal in path-traversal (CVE-2012-10024)
CVE-2019-5418 KEV [KEV] Path Traversal in rails (CVE-2019-5418)
CVE-2024-0769 KEV [KEV] Path Traversal in D-link dir-859-router (CVE-2024-0769)
CVE-2025-6020 Path Traversal in CVE-2025-6020 (CVE-2025-6020)
CVE-2025-4632 KEV [KEV] Path Traversal in Samsung magicinfo-9-server (CVE-2025-4632)
CVE-2023-38950 KEV [KEV] Path Traversal in Zkteco biotime (CVE-2023-38950)
CVE-2025-27920 KEV [KEV] Path Traversal in Srimax output-messenger (CVE-2025-27920)
CVE-2025-34028 KEV [KEV] Path Traversal in Commvault command-center (CVE-2025-34028)
CVE-2017-12637 KEV [KEV] Path Traversal in Sap netweaver (CVE-2017-12637)
CVE-2024-8262 Path Traversal in path-traversal (CVE-2024-8262)
CVE-2024-4885 KEV [KEV] Path Traversal in Progress whatsup-gold (CVE-2024-4885)
CVE-2025-25800 Path Traversal in seacms (CVE-2025-25800)
CVE-2025-1035 Path Traversal in path-traversal (CVE-2025-1035)
CVE-2024-57727 KEV [KEV] Path Traversal in simplehelp (CVE-2024-57727)
CVE-2025-22205 Path Traversal in path-traversal (CVE-2025-22205)
CVE-2024-48885 Path Traversal in path-traversal (CVE-2024-48885)
CVE-2024-12088 Path Traversal in path-traversal (CVE-2024-12088)
CVE-2024-12087 Path Traversal in path-traversal (CVE-2024-12087)
CVE-2024-48884 Path Traversal in path-traversal (CVE-2024-48884)
CVE-2024-55550 KEV [KEV] Path Traversal in Mitel micollab (CVE-2024-55550)
CVE-2024-41713 KEV [KEV] Path Traversal in Mitel micollab (CVE-2024-41713)
CVE-2024-11667 KEV [KEV] Path Traversal in Zyxel multiple-firewalls (CVE-2024-11667)
CVE-2021-26086 KEV [KEV] Path Traversal in Atlassian jira-server-and-data-center (CVE-2021-26086)
CVE-2019-16278 KEV [KEV] Path Traversal in Nostromo nhttpd (CVE-2019-16278)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →