CWE-24
Path Traversal: '../filedir'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.
We have discovered 438,935 live websites that are affected by CWE-24.
CVEs
- Count - 4
CWE References
Website Distribution by Country
Number of websites using CWE-24 United States | 147,300 websites |
 France | 139,397 websites |
 Germany | 16,905 websites |
 Russia | 13,312 websites |
 Brazil | 9,990 websites |
 Japan | 9,279 websites |
 China | 8,403 websites |
 Italy | 7,761 websites |
 Spain | 7,461 websites |
 Poland | 7,056 websites |
Website Distribution by TLD
Number of websites using CWE-24| .com | 208,807 websites |
| .fr | 58,373 websites |
| .org | 22,895 websites |
| .net | 13,142 websites |
| .ru | 10,799 websites |
| .de | 10,287 websites |
| .com.br | 8,660 websites |
| .it | 7,256 websites |
| .be | 7,205 websites |
| .pl | 6,644 websites |
Newest CVEs
List of the most recent CVEs that are part of CWE-24| Discovered | CVE | Description | Websites |
|---|---|---|---|
| May, 2025 | CVE-2025-48050 | In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is loca... | 39,043 |
| Apr, 2025 | CVE-2025-43919 | GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitra... | 821 |
| May, 2022 | CVE-2022-29253 | Path Traversal in XWiki Platform | 1 |
| Oct, 2021 | CVE-2021-21706 | ZipArchive::extractTo may extract outside of destination dir | 399,750 |
The most widespread CVEs
List of the most common CVEs that are part of CWE-24| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Oct, 2021 | CVE-2021-21706 | ZipArchive::extractTo may extract outside of destination dir | 399,750 |
| May, 2025 | CVE-2025-48050 | In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is loca... | 39,043 |
| Apr, 2025 | CVE-2025-43919 | GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitra... | 821 |
| May, 2022 | CVE-2022-29253 | Path Traversal in XWiki Platform | 1 |
Websites affected by CWE-24
Top websites that are affected by CWE-24. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **********.com | United States | *** | |
| *****.pl | Poland | *,*** | |
| *****.*********.com | United States | *,*** | |
| ****.org |  GB | *,*** | |
| **********.org | United States | *,*** | |
| *******.**.uk |  Netherlands | *,*** | |
| ******.com | France | *,*** | |
| **********.com | France | *,*** | |
| ***********.ch |  Switzerland | *,*** | |
| ***********.com | United States | *,*** |