Описание
Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services.
Ссылки
- Third Party Advisory
- Release NotesVendor Advisory
- Third Party Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.10.1 (включая)
cpe:2.3:a:monstaftp:monsta_ftp:*:*:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00492
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-918
Связанные уязвимости
github
больше 3 лет назад
Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services.
EPSS
Процентиль: 65%
0.00492
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-918