mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-19 17:30:12 +00:00
974 B
974 B
CVE-2014-4877
Description
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
POC
Reference
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- https://github.com/rapid7/metasploit-framework/pull/4088
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722