Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-2821Path Traversal in Secure FTP

CWE-22Path Traversal4 documents4 sources
Severity
9.3CRITICALNVD
CNA5.0
EPSS
3.2%
top 13.01%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Glub Secure FTP
Timeline
PublishedJun 23
Latest updateMay 1

Description

Directory traversal vulnerability in the FTP client in Glub Tech Secure FTP before 2.5.16 on Windows allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDglub/secure_ftp2.5.15

🔴Vulnerability Details

2
GHSA
GHSA-8q66-4pqj-jhjr: Directory traversal vulnerability in the FTP client in Glub Tech Secure FTP before 22022-05-01
CVEList
CVE-2008-2821: Directory traversal vulnerability in the FTP client in Glub Tech Secure FTP before 22008-06-23

💥Exploits & PoCs

1
Exploit-DB
Glub Tech Secure FTP 2.5.15 - 'LIST' Directory Traversal2008-06-13
CVE-2008-2821 — Path Traversal in Glub Secure FTP | cvebase