Published: 03/06/2019 Updated: 06/06/2019

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 405

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

A Directory Traversal issue exists in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside the root directory.

Vulnerable Product	Search on Vulmon	Subscribe to Product
southrivertech titan ftp server 2019

# Exploit Title: Titan FTP Server Version 2019 Build 3505 Directory Traversal/Local File Inclusion # Google Dork: N/A # Date: 3/26/2019 # Exploit Author: Kevin Randall # Vendor Homepage: titanftpcom/ # Software Link: titanftpcom/download # Version: Firmware: Titan FTP Server Version 2019 Build 3505 # Tested on: Windows 7 32 Bit # ...

CWE-22 https://www.exploit-db.com/exploits/46611 https://seclists.org/fulldisclosure/2019/Mar/47 https://www.exploit-db.com/exploits/46611/http://www.southrivertech.com/software/regsoft/titanftp/v19/verhist_en.html http://seclists.org/fulldisclosure/2019/Mar/47 http://packetstormsecurity.com/files/152244/Titan-FTP-Server-2019-Build-3505-Directory-Traversal.html https://nvd.nist.gov https://www.exploit-db.com/exploits/46611

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-10009

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect