CVE-2008-2519 — Path Traversal in FTP

CWE-22 — Path Traversal3 documents3 sources

Severity

6.8MEDIUMNVD

CNA5.0

EPSS

0.3%

top 43.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Core FTP

Timeline

PublishedJun 3

Latest updateMay 1

Description

Directory traversal vulnerability in Core FTP client 2.1 Build 1565 allows remote FTP servers to create or overwrite arbitrary files via .. (dot dot) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDcore_ftp/core_ftp2.1

Patches

Patch: www.coreftp.com ↗Patch: www.coreftp.com ↗

🔴Vulnerability Details

GHSA

GHSA-vmv8-824c-x53w: Directory traversal vulnerability in Core FTP client 2↗2022-05-01

▶

CVEList

CVE-2008-2519: Directory traversal vulnerability in Core FTP client 2↗2008-06-03

▶