cve/2024/CVE-2024-7744.md

### [CVE-2024-7744](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7744)
![](https://img.shields.io/static/v1?label=Product&message=WS_FTP%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-73%20External%20Control%20of%20File%20Name%20or%20Path&color=brightgreen)

### Description

In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal. An authenticated file download flaw has been identified where a user can craft an API call that allows them to download a file from an arbitrary folder on the drive where that user host's root folder is located (by default this is C:)

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds