CVE-2019-9648
CVE-2019-9648
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.htmlunverifiedcve_referencewww.exploit-db.com/exploits/46535unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.htmlhttp://seclists.org/fulldisclosure/2019/Aug/21https://seclists.org/fulldisclosure/2019/Mar/23https://www.exploit-db.com/exploits/46535http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509http://www.securityfocus.com/bid/107446