Vendor: RaidenFTPD
By: SecurityFocus
CVSS: 7.5 (HIGH)
Type: Directory Traversal
CWE: 22
Product Name: RaidenFTPD
Affected Version From: All versions prior to 2.4.2241
Affected Version To: 2.4.2241
Patch Exists: YES
Related CWE: N/A
CPE: a:raidenftpd:raidenftpd
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

RaidenFTPD Unauthorized Access Vulnerability

RaidenFTPD is prone to a vulnerability that could allow unauthorized access to files outside the FTP root. The issue exists due to a lack of sufficient sanitization performed on 'SITE urlget' requests. Directory traversal sequences may be passed as a parameter for this request. This vulnerability allows a remote attacker to read files outside of the FTP document root directory. An attacker may read files with the privileges of the FTP server process.

Mitigation:

Upgrade to RaidenFTPD version 2.4.2241 or later.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/13292/info

This issue was reported to affect all versions of RaidenFTPD prior to 2.4.2241.

quote site urlget file://\..\\boot.ini
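
A log-side check for the request described above, as an added example that is not part of the original advisory or of RaidenFTPD: it flags 'SITE urlget' commands whose argument uses the file:// scheme or contains a '..' path component written with either separator. The log line layout and the function names are assumptions, and the sample lines are constructed.

```python
import re

# Matches an FTP "SITE urlget <argument>" command, case-insensitively.
SITE_URLGET = re.compile(r"\bSITE\s+urlget\s+(?P<arg>\S.*)$", re.IGNORECASE)
# A ".." path component: bounded by "/" or "\" (or by the string start/end),
# so names such as "v1..2" or "notes..txt" are not reported.
DOTDOT = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")


def urlget_findings(arg):
    """Return the reasons a SITE urlget argument deserves review."""
    arg = arg.strip()
    reasons = []
    scheme, sep, rest = arg.partition("://")
    if sep and scheme.lower() == "file":
        reasons.append("file-scheme")    # local file instead of a remote URL
    else:
        rest = arg                       # no file:// prefix: check the whole value
    if DOTDOT.search(rest):
        reasons.append("dot-dot-component")
    return reasons


def scan(lines):
    """Yield (line_number, argument, reasons) for each flagged log line."""
    for number, line in enumerate(lines, 1):
        match = SITE_URLGET.search(line)
        if not match:
            continue
        arg = match.group("arg").strip()
        reasons = urlget_findings(arg)
        if reasons:
            yield number, arg, reasons


# Constructed sample log lines; the layout is an assumption, not RaidenFTPD's format.
SAMPLE_LOG = [
    "2005-04-20 10:01:02 [7] user1 > SITE urlget http://example.com/v1..2/a.zip",
    r"2005-04-20 10:01:09 [7] user1 > SITE urlget file://\..\\boot.ini",
    "2005-04-20 10:02:11 [9] user2 > site URLGET file://c:/pub/readme.txt",
    "2005-04-20 10:03:00 [9] user2 > RETR notes..txt",
]

if __name__ == "__main__":
    for number, arg, reasons in scan(SAMPLE_LOG):
        print(number, arg, ",".join(reasons))
```

On servers that cannot yet be upgraded to 2.4.2241, the same two conditions can drive an alert on the FTP command log.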