An issue exists in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an malicious user to enumerate file existence based on the returned information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
coreftp core ftp 2.0 |