mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-05 18:27:17 +00:00
870 B
870 B
CVE-2019-9648
Description
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a ....\ substring, allowing an attacker to enumerate file existence based on the returned information.
POC
Reference
- http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html
- https://seclists.org/fulldisclosure/2019/Mar/23
- https://www.exploit-db.com/exploits/46535