mirror of
https://github.com/0xMarcio/cve.git
synced 2026-06-01 23:31:36 +02:00
0xMarcio
1.0 KiB
1.0 KiB
CVE-2019-9648
Description
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a ....\ substring, allowing an attacker to enumerate file existence based on the returned information.
POC
Reference
- http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html
- http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html
- https://seclists.org/fulldisclosure/2019/Mar/23
- https://seclists.org/fulldisclosure/2019/Mar/23
- https://www.exploit-db.com/exploits/46535
- https://www.exploit-db.com/exploits/46535