Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2019-9649

Published: 22/03/2019 Updated: 26/08/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Core Ftp

Vulnerability Summary

An issue exists in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

coreftp core ftp 2.0

Exploits

Exploit DB: Core FTP Server FTP / SFTP Server v2 Build 674 - 'MDTM' Directory Traversal
# Exploit Title: CoreFTP Server FTP / SFTP Server v2 - Build 674 MDTM Directory Traversal # Google Dork: N/A # Date: 3/13/2019 # Exploit Author: Kevin Randall # Vendor Homepage: wwwcoreftpcom # Software Link: wwwcoreftpcom/server/indexhtml # Version: Firmware: CoreFTP Server FTP / SFTP Server v2 - Build 674 # Tested on: Windows ...
Exploit DB: CoreFTP Server FTP / SFTP Server 2 Build 674 MDTM Directory Traversal
CoreFTP Server FTP and SFTP Server version 2 build 674 suffer from a directory traversal vulnerability By utilizing a directory traversal along with the FTP MDTM command, an attacker can browse outside the root directory to determine if a file exists based on return file size along with the date the file was last modified by using a \\ techniq ...
Exploit DB: CoreFTP Server MDTM Directory Traversal
An issue was discovered in the SFTP Server component in Core FTP 20 Build 674 Using the MDTM FTP command, a remote attacker can use a directory traversal (\\) to browse outside the root directory to determine the existence of a file on the operating system, and the last modified date ...

References

CWE-22https://www.exploit-db.com/exploits/46534https://seclists.org/fulldisclosure/2019/Mar/25http://www.securityfocus.com/bid/107449http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509http://seclists.org/fulldisclosure/2019/Aug/22http://packetstormsecurity.com/files/154205/CoreFTP-Server-MDTM-Directory-Traversal.htmlhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/46534
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298CVE-2024-20356CVE-2023-21987CVE-2024-33217bypassCVE-2024-31804CVE-2024-32660unauthorizedSSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook