Untrusted search path vulnerability in ALFTP prior to 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
estsoft alftp |
||
estsoft alftp 4.1 |
||
estsoft alftp 5.0 |
||
estsoft alftp 5.1 |