vendor: httpdx
by: FB1H2S
CVSS: 5.5 MEDIUM
Directory Traversal
CWE: 22
Product Name: httpdx
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows XP
2010
httpdx – ultralight HTTP/FTP server directory traversal
The 'httpdx' program is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue allows an authenticated user to create directories outside the FTP root directory, which may lead to other attacks.
Mitigation:
The vendor should release a patch or update to sanitize user-supplied input and prevent directory traversal attacks. In the meantime, users can mitigate the risk by limiting access to the affected software or implementing strong input validation.
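The kind of input sanitization the mitigation calls for, as an added example rather than httpdx code or a vendor patch: a hypothetical helper, ftp_resolve, that normalizes a client-supplied FTP path (for example the argument of a directory-creation command) and refuses anything that would resolve outside the FTP root. The function name, buffer sizes and sample arguments are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Added example (hypothetical helper, not httpdx code): lexically resolve a
 * client-supplied FTP path into a path relative to the FTP root.
 * Returns 0 and fills out, or -1 if the path must be refused. */
int ftp_resolve(const char *arg, char *out, size_t outlen)
{
    size_t len = 0;                       /* bytes currently held in out */
    const char *p = arg;
    if (outlen == 0) return -1;
    out[0] = '\0';
    while (*p) {
        while (*p == '/' || *p == '\\') p++;      /* both separators work on Windows */
        const char *seg = p;
        while (*p && *p != '/' && *p != '\\') {
            if (*p == ':') return -1;             /* drive letter or stream name */
            p++;
        }
        size_t n = (size_t)(p - seg);
        if (n == 0 || (n == 1 && seg[0] == '.')) continue;
        if (n == 2 && seg[0] == '.' && seg[1] == '.') {
            if (len == 0) return -1;              /* would climb above the root */
            while (len > 0 && out[len - 1] != '/') len--;   /* drop last segment */
            if (len > 0) len--;                   /* and its separator */
            out[len] = '\0';
            continue;
        }
        /* Win32 drops trailing dots and spaces, so such names could alias others */
        if (seg[n - 1] == '.' || seg[n - 1] == ' ') return -1;
        if (len + n + 2 > outlen) return -1;      /* separator + segment + NUL */
        if (len > 0) out[len++] = '/';
        memcpy(out + len, seg, n);
        len += n;
        out[len] = '\0';
    }
    return 0;
}

int main(void)
{
    /* Constructed sample arguments, not taken from the advisory. */
    const char *samples[] = { "uploads/2010", "a/b/../c", "..\\outside", "a/../../x", "C:\\dir" };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = ftp_resolve(samples[i], buf, sizeof buf);
        printf("%-14s -> %s\n", samples[i], rc == 0 ? buf : "REJECTED");
    }
    return 0;
}
```

The server would join the returned relative path to its configured root only after this check succeeds; the check is lexical, so a root that contains symbolic links or junctions needs an additional canonical-path comparison.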