vendor:
FTP Library
by:
Unknown
N/A
CVSS
CRITICAL
Code Injection
94
CWE
Product Name: FTP Library
Affected Version From: Python FTP library versions prior to 3.9.7
Affected Version To: Python FTP library versions prior to 3.9.7
Patch Exists: YES
Related CWE: CVE-2021-25283
CPE: a:python:ftp_library
Other Scripts:
https://www.infosecmatter.com/nessus-plugin-library/?id=146904, https://www.infosecmatter.com/nessus-plugin-library/?id=146897, https://www.infosecmatter.com/nessus-plugin-library/?id=155634, https://www.infosecmatter.com/nessus-plugin-library/?id=146970, https://www.infosecmatter.com/nessus-plugin-library/?id=146985, https://www.infosecmatter.com/nessus-plugin-library/?id=146878, https://www.infosecmatter.com/nessus-plugin-library/?id=150920, https://www.infosecmatter.com/nessus-plugin-library/?id=148112, https://www.infosecmatter.com/nessus-plugin-library/?id=146877, https://www.infosecmatter.com/nessus-plugin-library/?id=148273
Platforms Tested: All platforms
2021
FTP Library Exploit
The FTP library in Python allows an attacker to inject malicious code through specially crafted input, leading to remote code execution. This vulnerability can be exploited by an attacker with network access to the vulnerable system.
Mitigation:
To mitigate this vulnerability, it is recommended to update the Python FTP library to the latest version. Additionally, input validation and sanitization should be performed to prevent code injection attacks.