CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
We have discovered 4,097 live websites that are affected by CWE-22.
CVEs
- Count - 3
CWE References
Countries
 United States | 1,030 websites |
 Germany | 512 websites |
 France | 249 websites |
 Italy | 241 websites |
 GB | 163 websites |
 Poland | 159 websites |
 Russia | 147 websites |
 Netherlands | 137 websites |
 Spain | 118 websites |
 Japan | 115 websites |
TLDs
| .com | 1,377 websites |
| .org | 435 websites |
| .de | 326 websites |
| .it | 143 websites |
| .ru | 124 websites |
| .pl | 114 websites |
| .nl | 109 websites |
| .net | 100 websites |
| .fr | 99 websites |
| .eu | 75 websites |
Newest CVEs
List of the most recent CVEs that are part of CWE-22| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Apr, 2023 | CVE-2023-1427 | Photo Gallery by 10Web < 1.8.15 - Admin+ Path Traversal | 3,902 |
| Jun, 2022 | CVE-2022-1657 | JupiterX Theme <= 2.0.6 and Jupiter Theme <= 6.10.1 - Authenticated Path Traversal and Local File Inclusion | 169 |
| Aug, 2021 | CVE-2021-34638 | WordPress Download Manager <= 3.1.24 Authenticated Directory Traversal | 26 |
The most widespread CVEs
List of the most common CVEs that are part of CWE-22| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Apr, 2023 | CVE-2023-1427 | Photo Gallery by 10Web < 1.8.15 - Admin+ Path Traversal | 3,902 |
| Jun, 2022 | CVE-2022-1657 | JupiterX Theme <= 2.0.6 and Jupiter Theme <= 6.10.1 - Authenticated Path Traversal and Local File Inclusion | 169 |
| Aug, 2021 | CVE-2021-34638 | WordPress Download Manager <= 3.1.24 Authenticated Directory Traversal | 26 |
Websites affected by CWE-22
Top websites that are affected by CWE-22. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***************.org |  Israel | **,*** | |
| *********.kz |  Kazakhstan | **,*** | |
| ******.name | France | **,*** | |
| ***********.org | United States | **,*** | |
| ***.*******.com | United States | **,*** | |
| ***.***.info | United States | **,*** | |
| ***.**********.**.uk | GB | **,*** | |
| ***.***********.com | GB | **,*** | |
| ***.***.***.ph |  Philippines | **,*** | |
| ************.net | United States | **,*** |