CVE-2022-22836

Опубликовано: 10 янв. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request.

Ссылки

http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509
Release Notes
Vendor Advisory
https://yoursecuritybores.me/coreftp-vulnerabilities/
Exploit
Third Party Advisory
http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509
Release Notes
Vendor Advisory
https://yoursecuritybores.me/coreftp-vulnerabilities/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:coreftp:core_ftp:*:*:*:*:*:*:*:*

Версия до 1.2 (включая)

cpe:2.3:a:coreftp:core_ftp:2.0:build_639:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_640:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_641:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_642:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_645:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_647:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_649:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_651:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_653:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_655:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_656:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_657:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_658:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_659:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_665:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_667:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_668:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_671:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_673:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_674:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_676:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_677:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_679:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_682:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_687:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_689:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_691:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_694:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_695:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_697:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_699:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_702:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_704:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_705:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_711:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_713:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_715:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_719:*:*:*:*:*:*

cpe:2.3:a:coreftp:core_ftp:2.0:build_725:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03128

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-3mhc-qrfq-hh49

github

около 4 лет назад