Path Traversal

⚔️ Attack Types Related 14
slug: path-traversal

Explanation

パストラバーサルは「ファイル名を指定する箇所に `../../../etc/passwd` のような文字列を入れて、本来アクセスできないファイルを読み出す」攻撃です。 ファイルダウンロード機能や画像表示機能でよく見られます。 対策は「ユーザー入力のファイル名を、必ずホワイトリスト・固定ディレクトリに制限する」こと。
📌 Example
CVE-2024-57726 (SimpleHelp): zipファイル展開時のZip Slipにより、サーバー上の任意の場所にファイル書き込みされる脆弱性。

🔖 Related tags

🛡 Vulnerabilities tagged with this 785

ID Title
CVE-2026-24217 Vulnerability in path-traversal (CVE-2026-24217)
CVE-2026-23734 Vulnerability in org.xwiki.commons:xwiki-commons-classloader-api (CVE-2026-23734)
CVE-2026-24209 Path Traversal in path-traversal (CVE-2026-24209)
CVE-2026-24208 Path Traversal in path-traversal (CVE-2026-24208)
CVE-2026-36829 Path Traversal in path-traversal (CVE-2026-36829)
CVE-2025-70950 Path Traversal in github.com/itang/gohttp (CVE-2025-70950)
CVE-2026-46724 Path Traversal in tpwd/ke_search (CVE-2026-46724)
CVE-2026-31379 Path Traversal in apache (CVE-2026-31379)
CVE-2026-29220 Path Traversal in apache (CVE-2026-29220)
CVE-2026-27891 FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the f...
CVE-2026-47091 Path Traversal in path-traversal (CVE-2026-47091)
CVE-2026-45242 Vulnerability in @steipete/summarize (CVE-2026-45242)
CVE-2026-29962 Vulnerability in path-traversal (CVE-2026-29962)
CVE-2026-45230 Path Traversal in path-traversal (CVE-2026-45230)
CVE-2026-29963 Path Traversal in path-traversal (CVE-2026-29963)
CVE-2026-45727 Path Traversal in cloakbrowser (CVE-2026-45727)
CVE-2026-41948 Vulnerability in path-traversal (CVE-2026-41948)
CVE-2026-7302 Vulnerability in sglang (CVE-2026-7302)
CVE-2026-8802 Path Traversal in path-traversal (CVE-2026-8802)
CVE-2026-8770 Path Traversal in path-traversal (CVE-2026-8770)
CVE-2026-8765 Path Traversal in path-traversal (CVE-2026-8765)
CVE-2026-8757 Path Traversal in path-traversal (CVE-2026-8757)
CVE-2026-8756 Path Traversal in path-traversal (CVE-2026-8756)
CVE-2026-8755 Path Traversal in path-traversal (CVE-2026-8755)
CVE-2026-8754 Path Traversal in AstrBot (CVE-2026-8754)
CVE-2018-25326 Path Traversal in wordpress (CVE-2018-25326)
CVE-2018-25325 Path Traversal in wordpress (CVE-2018-25325)
CVE-2026-8736 Path Traversal in path-traversal (CVE-2026-8736)
CVE-2021-47978 Vulnerability in path-traversal (CVE-2021-47978)
CVE-2021-47977 Path Traversal in wordpress (CVE-2021-47977)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →