CVE-2020-11701

Published: Apr 12, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. CSRF exists in the User Web Interface, as demonstrated by granting filesystem access to the public for uploading and deleting files and directories.

Affected (1)

Products: Provideserver: Provide Ftp Server

Provideserver

1 product

Provide Ftp Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Provideserver Provide Ftp Server	Up to 13.1

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://github.com/belong2yourself/vulnerabilities/tree/master/ProVide/Web%20User%20Interface%20-%20Cross-Site%20Request%20Forgery

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.provideserver.com/security/

Source: cve@mitre.org

Vendor Advisory

https://github.com/belong2yourself/vulnerabilities/tree/master/ProVide/Web%20User%20Interface%20-%20Cross-Site%20Request%20Forgery

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.provideserver.com/security/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.