header-logo
Suggest Exploit
vendor:
AceFTP Freeware
by:
Luigi Auriemma
8.8
CVSS
HIGH
Directory-Traversal
22
CWE
Product Name: AceFTP Freeware
Affected Version From: 3.80.3
Affected Version To: 3.80.3
Patch Exists: YES
Related CWE: CVE-2007-5133
CPE: a:visicom_media:aceftp_freeware
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2007

AceFTP Directory-Traversal Vulnerability

AceFTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue allows an attacker to write arbitrary files to locations outside of the application's current directory. This could help the attacker launch further attacks.

Mitigation:

Upgrade to the latest version of AceFTP.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/29989/info

AceFTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue allows an attacker to write arbitrary files to locations outside of the application's current directory. This could help the attacker launch further attacks.

AceFTP Freeware 3.80.3 and AceFTP Freeware 3.80.3 are vulnerable; other versions may also be affected.

Response to LIST:

/../../../../../../../../../testfile.txt\r\n

Navigation

Suggest Exploit

Services By CQR