
CWE-25 Path Traversal: '/../filedir' vulnerability list (11)

Summary of the 11 CVEs classified under the CWE-25 weakness Path Traversal: '/../filedir', with AI-generated Chinese analysis.

CWE-25 is a path traversal weakness: the program does not properly filter "/../" sequences in external input, so the constructed path resolves to a location outside the restricted directory. An attacker uses this flaw to read sensitive files or execute arbitrary code. Developers should validate input strictly, use an allowlist to limit what can be reached, and rely on absolute paths or canonicalization so that the final path always lies inside the intended directory, which blocks the illegitimate access.

MITRE CWE official description
CWE-25 Path Traversal: '/../filedir': The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/../" sequences that can resolve to a location outside of that directory. This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory. Sometimes a program checks for "../" only at the beginning of the input, so a "/../" appearing later in the input can bypass that check.
Common consequences (1)
Scope: Confidentiality, Integrity. Impact: Read Files or Directories, Modify Files or Directories.
Mitigations (2)
Phase: Implementation. Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Phase: Implementation. Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
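The two mitigations above amount to one rule: decode once, canonicalize, then check that the resolved path is still inside the restricted directory. The following is an added example, not code from this page or from MITRE, that contrasts the prefix-only check the CWE description warns about with a canonicalize-then-check containment test. The base directory, the function names and the sample inputs are constructed for illustration.

```python
"""Added example: CWE-25 mitigation by canonicalize-then-contain (not from the page)."""
import posixpath
import urllib.parse
from typing import Optional

# Assumed restricted directory; constructed for this example.
BASE_DIR = "/srv/app/public"


def naive_check(user_path: str) -> bool:
    """Prefix-only check: rejects input that *starts* with '../'.

    This is the pattern CWE-25 describes as bypassable: a '/../' that appears
    later in the string is never looked at, so the check passes it through.
    """
    return not user_path.startswith("../")


def resolve_in_base(user_path: str, base_dir: str = BASE_DIR) -> Optional[str]:
    """Decode exactly once, canonicalize, then verify containment.

    Returns the resolved absolute path when it lies inside base_dir, else None.
    posixpath is used instead of os.path so the result is the same on every OS.
    In a real deployment, resolve symlinks too (os.path.realpath) once the
    path exists, since normpath alone cannot see where a link points.
    """
    # CWE-180: canonicalize before validating. CWE-174: decode only once,
    # so a double-encoded '%252e%252e' stays a literal name, not '..'.
    decoded = urllib.parse.unquote(user_path)

    # Never let an absolute user path replace base_dir: drop leading separators.
    relative = decoded.lstrip("/\\")

    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, relative))

    # Containment test: equal to base, or strictly below it (separator-aware,
    # so '/srv/app/public2' is not mistaken for a child of '/srv/app/public').
    if candidate == base or candidate.startswith(base + "/"):
        return candidate
    return None


if __name__ == "__main__":
    for sample in ("images/../logo.png", "images/../../etc/passwd", "/../../etc/passwd"):
        print(f"{sample!r:32} naive={naive_check(sample)!s:5} resolved={resolve_in_base(sample)}")
```

Run as a script it prints one line per constructed sample; the second sample is the one the naive prefix check accepts and the containment check rejects.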
CVE ID          | Title                                                                                        | CVSS      | Risk level  | Published
CVE-2026-23877  | swingmusic access control error vulnerability (swingmusic)                                   | 6.5 (AI)  | Medium (AI) | 2026-01-19
CVE-2025-68916  | Riello UPS NetMan 208 security vulnerability (NetMan)                                        | 9.1       | Critical    | 2025-12-24
CVE-2025-58286  | Huawei HarmonyOS security vulnerability (HarmonyOS)                                          | 3.3       | Low         | 2025-10-11
CVE-2025-0225   | Tsinghua Unigroup Archives Management System security vulnerability (Electronic Archives System) | 4.3    | Medium      | 2025-01-05
CVE-2023-6947   | WordPress plugin Best WordPress Gallery Plugin–FooGallery security vulnerability (FooGallery Premium) | 7.7 | High      | 2024-12-10
CVE-2024-2442   | Franklin Fueling System EVO security vulnerability (EVO 550)                                  | 7.5       | High        | 2024-03-19
CVE-2023-52138  | Engrampa link following vulnerability (engrampa)                                             | 8.2       | High        | 2024-02-05
CVE-2023-6919   | Biges Safe Life Technologies Electronics VGuard security vulnerability (VGuard)              | 7.5       | High        | 2024-01-26
CVE-2023-6118   | Neutron IP Camera security vulnerability (IP Camera)                                         | 7.5       | High        | 2023-11-23
CVE-2022-20818  | Cisco SD-WAN path traversal vulnerability (Cisco SD-WAN Solution)                            | 7.8       | High        | 2022-09-30
CVE-2022-20775  | Cisco SD-WAN path traversal vulnerability (Cisco Catalyst SD-WAN)                            | 7.8       | High        | 2022-09-30

(AI) marks values the page flags with an AI badge, i.e. a score and rating produced by the site's AI analysis. The product name in parentheses is the affected product as listed by the page.

CWE-25 (Path Traversal: '/../filedir') is a common weakness category; this platform has collected the 11 CVEs associated with it.