Vendor: TitanFTP Server
By: Andreas Finstad
CVSS: 8.8 (HIGH)
Path traversal to Remote Code Execution (RCE)
CWE: 22
Product Name: TitanFTP Server
Affected Version From: < 2.0.1.2102
Affected Version To: 2.0.1.2102
Patch Exists: Yes
Related CWE: CVE-2023-22629
CPE: titanftp:titanftp_server
Metasploit:
Platforms Tested: Windows 2022 Server
2023

TitanFTP 2.0.1.2102 – Path traversal to Remote Code Execution (RCE)

TitanFTP is affected by a path traversal vulnerability that can be exploited to gain remote code execution. An attacker can send a specially crafted request to the vulnerable server to traverse the file system and execute arbitrary code.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update to the latest version of TitanFTP.

Exploit-DB raw data:

# Exploit Title: TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution (RCE)

# Date: 02.14.2023
# Exploit Author: Andreas Finstad
# Vendor Homepage: https://titanftp.com/

# Version: < 2.0.1.2102

# Tested on: Windows 2022 Server
# CVE : CVE-2023-22629


Exploit and description here:
https://f20.be/blog/titanftp

Kind regards
Andreas Finstad