CWE-22

Intesync Solismed 3.3sp allows Directory Traversal, a different vulnerability than CVE-2019-16246.

An issue was discovered in Maarch RM before 2.5. A path traversal vulnerability allows an unauthenticated remote attacker to overwrite any files with a crafted POST request if the default installation procedure was followed. This results in a permanent Denial of Service.

The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal.

The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion.

cli/lib/main.js in Entropic before 2019-06-13 does not reject / and in command names, which might allow a directory traversal attack in unusual situations.

Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process.