CoreFTP Server build 725 - Directory Traversal (Authenticated)

vendor:

CoreFTP Server

by:

LiamInfosec

6.5

CVSS

MEDIUM

Directory Traversal

CWE

Product Name: CoreFTP Server

Affected Version From: build 725

Affected Version To: build 726

Patch Exists: YES

Related CWE: CVE-2022-22836

CPE: a:coreftp:coreftp_server

Metasploit:

Other Scripts:

Platforms Tested: Windows 10

2022

CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request.

Upgrade to CoreFTP Server build 727 or later

Source