CVE-2020-14057

Published: Jul 1, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allowing an attacker to gain remote code execution in common deployments.

Affected (1)

Products: Monstaftp: Monsta Ftp

Monstaftp

1 product

Monsta Ftp

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Monstaftp Monsta Ftp	Up to 2.10.1

Related CWEs

CWE-610

Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

References (4)

https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20191203-01_Monsta_FTP_Arbitrary_File_Read_and_Write

Source: cve@mitre.org

Third Party Advisory

https://www.monstaftp.com/notes/

Source: cve@mitre.org

Release NotesVendor Advisory

https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20191203-01_Monsta_FTP_Arbitrary_File_Read_and_Write

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.monstaftp.com/notes/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.