Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
x-diesel unreal commander 0.92_build573 |
||
x-diesel unreal commander 0.92_build565 |