
CWE-73 (External Control of File Name or Path) — Vulnerability Class 311

311 vulnerabilities classified as CWE-73 (External Control of File Name or Path). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-23536 | Alertmanager can expose local files content via specially crafted config — cortex | 6.5 | Medium | 2022-12-19 |
| CVE-2022-42732 | Siemens syngo Dynamics security vulnerability — syngo Dynamics | 7.5 | - | 2022-11-17 |
| CVE-2022-42733 | Siemens syngo Dynamics security vulnerability — syngo Dynamics | 7.5 | - | 2022-11-17 |
| CVE-2022-42734 | Siemens syngo Dynamics security vulnerability — syngo Dynamics | 7.5 | - | 2022-11-17 |
| CVE-2022-42891 | Siemens syngo Dynamics security vulnerability — syngo Dynamics | 7.5 | - | 2022-11-17 |
| CVE-2022-42893 | Siemens syngo Dynamics security vulnerability — syngo Dynamics | 7.5 | - | 2022-11-17 |
| CVE-2022-2431 | Download Manager <= 3.2.50 - Authenticated (Contributor+) Arbitrary File Deletion — Download Manager | 8.1 | High | 2022-09-06 |
| CVE-2022-2638 | Export All URLs < 4.4 - Admin+ Arbitrary System File Removal — Export All URLs | 6.5 | - | 2022-08-29 |
| CVE-2022-32761 | WWBN AVideo security vulnerability — AVideo | 6.5 | - | 2022-08-22 |
| CVE-2022-28710 | WWBN AVideo security vulnerability — AVideo | 6.5 | - | 2022-08-22 |
| CVE-2022-2400 | External Control of File Name or Path in dompdf/dompdf — dompdf/dompdf | 8.2 | - | 2022-07-18 |
| CVE-2022-34765 | Security vulnerability in multiple Schneider Electric products — OPC UA Modicon Communication Module | 5.5 | Medium | 2022-07-13 |
| CVE-2022-24900 | Absolute Path Traversal due to incorrect use of `send_file` call in Piano LED Visualizer — Piano-LED-Visualizer | 9.9 | Critical | 2022-04-29 |
| CVE-2022-20789 | Cisco Unified Communications Products Arbitrary File Write Vulnerability — Cisco Unified Communications Manager | 4.9 | Medium | 2022-04-21 |
| CVE-2022-0246 | iQ Block Country < 1.2.13 - Admin+ Arbitrary File Deletion via Zip Slip — iQ Block Country | 6.5 | - | 2022-04-11 |
| CVE-2022-0593 | Login with phone number < 1.3.7 - Unauthenticated remote plugin deletion — Login with phone number | 8.2 | - | 2022-03-14 |
| CVE-2021-24966 | Error Log Viewer Plugin <= 1.1.1 - Admin+ Arbitrary File Clearing — Error Log Viewer by BestWebSoft | 4.9 | - | 2022-03-14 |
| CVE-2021-3845 | External Control of File Name or Path in netristv/ws-scrcpy — netristv/ws-scrcpy | 7.5 | - | 2022-01-04 |
| CVE-2021-34761 | Cisco Firepower Threat Defense Software CLI Arbitrary File Write Vulnerability — Cisco Firepower Threat Defense Software | 4.4 | Medium | 2021-10-27 |
| CVE-2021-38477 | AUVESY Versiondog — Versiondog | 9.8 | Critical | 2021-10-22 |
| CVE-2021-3626 | Windows version of Multipass unauthenticated localhost tcp control socket can perform mounts — Multipass | 8.8 | High | 2021-10-01 |
| CVE-2021-1306 | Cisco ADE-OS Local File Inclusion Vulnerability — Cisco Identity Services Engine Software | 4.4 | Medium | 2021-05-22 |
| CVE-2021-22539 | Code execution in VSCode-bazel via malicious Bazel config files — VSCode-Bazel | 8.2 | High | 2021-04-16 |
| CVE-2021-27250 | D-Link DAP-2020 security vulnerability — DAP-2020 | 6.5 | - | 2021-04-14 |
| CVE-2021-21343 | XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights — xstream | 5.3 | Medium | 2021-03-22 |
| CVE-2020-25161 | Advantech WebAccess/SCADA WADashboard security vulnerability — Advantech WebAccess/SCADA | 9.8 | - | 2021-02-23 |
| CVE-2020-26078 | Cisco IoT Field Network Director File Overwrite Vulnerability — Cisco IoT Field Network Director (IoT-FND) | 4.9 | - | 2020-11-18 |
| CVE-2020-6105 | F2fs.Fsck security vulnerability — F2fs-Tools | 7.8 | - | 2020-10-15 |
| CVE-2020-8553 | Kubernetes ingress-nginx Compromise of auth via subset/superset namespace names — ingress-nginx | 5.9 | Medium | 2020-07-29 |
| CVE-2019-3681 | osc: stores downloaded (supposed) RPM in network-controlled filesystem paths — SUSE Linux Enterprise Module for Development Tools 15 | 7.5 | High | 2020-06-29 |

Vulnerabilities classified as CWE-73 (External Control of File Name or Path) represent 311 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.