Описание
WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension.
Ссылки
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
- Third Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:texasimperialsoftware:wftpd:3.00:r5:*:*:pro:*:*:*
EPSS
Процентиль: 72%
0.00729
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-59
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension.
EPSS
Процентиль: 72%
0.00729
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-59