CVE-2023-22629

Опубликовано: 14 фев. 2023

Источник: nvd

CVSS3: 8.8

EPSS Высокий

Описание

An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem.

Ссылки

http://packetstormsecurity.com/files/171737/Titan-FTP-Path-Traversal.html
https://f20.be/cves/titan-ftp-vulnerabilities
Exploit
Third Party Advisory
https://titanftp.com
Product
https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf
Release Notes
http://packetstormsecurity.com/files/171737/Titan-FTP-Path-Traversal.html
https://f20.be/cves/titan-ftp-vulnerabilities
Exploit
Third Party Advisory
https://titanftp.com
Product
https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:southrivertech:titan_ftp_server:*:*:*:*:*:*:*:*

Версия до 1.94.1205 (включая)

EPSS

Процентиль: 99%

0.80133

Высокий

8.8 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-vvqp-3hj4-rj73