CVE-2008-7262 — Path Traversal in Pyftpdlib

CWE-22 — Path Traversal5 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.5%

top 32.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

G.rodola Pyftpdlib Debian Python-pyftpdlib

Timeline

PublishedOct 19

Latest updateMay 17

Description

Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages3 packages

▶PyPIg.rodola/pyftpdlib< 0.3.0

▶NVDg.rodola/pyftpdlib0.2.0+2

▶debiandebian/python-pyftpdlib

🔴Vulnerability Details

GHSA

Directory traversal in pyftpdlib↗2022-05-17

▶

OSV

Directory traversal in pyftpdlib↗2022-05-17

▶

OSV

CVE-2008-7262: Multiple directory traversal vulnerabilities in FTPServer↗2010-10-19

▶

📋Vendor Advisories

Debian

CVE-2008-7262: python-pyftpdlib - Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before...↗2008

▶