cvebase.

Monstaftp Monsta Ftp vulnerabilities

6 known vulnerabilities affecting monstaftp/monsta_ftp.

Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 5, MEDIUM 1

Vulnerabilities

CVE-2025-34299 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | ≤ 2.11 | 2025-11-07
CWE-434: Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious (S)FTP server.
nvd
CVE-2020-14057 | P2 | CRITICAL | CVSS 9.8 | ≤ 2.10.1 | 2020-07-01
CWE-610: Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allowing an attacker to gain remote code execution in common deployments.
nvd
CVE-2022-27468 | P3 | CRITICAL | CVSS 9.8 | v2.10.3 | 2022-04-26
CWE-434: Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitrary code via a crafted file uploaded to the web server.
nvd
CVE-2020-14056 | P3 | CRITICAL | CVSS 9.8 | ≤ 2.10.1 | 2020-07-01
CWE-918: Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services.
nvd
CVE-2022-27469 | P3 | CRITICAL | CVSS 9.8 | v2.10.3 | 2022-04-26
CWE-918: Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF).
nvd
CVE-2020-14055 | P4 | MEDIUM | CVSS 6.1 | ≤ 2.10.1 | 2020-07-01
CWE-79: Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting vulnerability in the language setting due to insufficient output encoding.
nvd