Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-2894: Path Traversal in Software Classic FTP

CWE-22: Path Traversal | 4 documents | 4 sources
Severity: 9.3 CRITICAL (NVD); CNA: 5.0
EPSS: 3.2% (top 12.92%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Jun 27
Latest update: May 1

Description

Directory traversal vulnerability in the FTP client in NCH Software Classic FTP 1.02 for Windows allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA: GHSA-ffhc-mxrh-vv2p: Directory traversal vulnerability in the FTP client in NCH Software Classic FTP 1 | 2022-05-01
CVEList: CVE-2008-2894: Directory traversal vulnerability in the FTP client in NCH Software Classic FTP 1 | 2008-06-27

💥 Exploits & PoCs (1)

Exploit-DB: Classic FTP 1.02 - 'LIST' Directory Traversal | 2008-06-20