cve/2023/CVE-2023-45689.md

### [CVE-2023-45689](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45689)
![](https://img.shields.io/static/v1?label=Product&message=Titan%20MFT&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Titan%20SFTP&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202.0.17.2298%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)

### Description

Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal

### POC

#### Reference
- https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/

#### Github
No PoCs found on GitHub currently.