CVE-2019-9649
CVE-2019-9649
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/154205/CoreFTP-Server-MDTM-Directory-Traversal.htmlunverifiedcve_referencewww.exploit-db.com/exploits/46534unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/154205/CoreFTP-Server-MDTM-Directory-Traversal.htmlhttp://seclists.org/fulldisclosure/2019/Aug/22https://seclists.org/fulldisclosure/2019/Mar/25https://www.exploit-db.com/exploits/46534http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509http://www.securityfocus.com/bid/107449