← Back

CVE-2022-22836

nvd nist
Published: Jan 10, 2022Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request.

Affected (40)

Products: Coreftp: Core Ftp
Coreftp
1 product
Core Ftp
Configuration A
40 vulnerable
Vulnerable SoftwareAffected Versions
Coreftp
Core Ftp
Up to 1.2
Core Ftp
Version 2.0 build_639
Core Ftp
Version 2.0 build_640
Core Ftp
Version 2.0 build_641
Core Ftp
Version 2.0 build_642
Core Ftp
Version 2.0 build_645
Core Ftp
Version 2.0 build_647
Core Ftp
Version 2.0 build_649
Core Ftp
Version 2.0 build_651
Core Ftp
Version 2.0 build_653
Core Ftp
Version 2.0 build_655
Core Ftp
Version 2.0 build_656
Core Ftp
Version 2.0 build_657
Core Ftp
Version 2.0 build_658
Core Ftp
Version 2.0 build_659
Core Ftp
Version 2.0 build_665
Core Ftp
Version 2.0 build_667
Core Ftp
Version 2.0 build_668
Core Ftp
Version 2.0 build_671
Core Ftp
Version 2.0 build_673
Core Ftp
Version 2.0 build_674
Core Ftp
Version 2.0 build_676
Core Ftp
Version 2.0 build_677
Core Ftp
Version 2.0 build_679
Core Ftp
Version 2.0 build_682
Core Ftp
Version 2.0 build_687
Core Ftp
Version 2.0 build_689
Core Ftp
Version 2.0 build_691
Core Ftp
Version 2.0 build_694
Core Ftp
Version 2.0 build_695
Core Ftp
Version 2.0 build_697
Core Ftp
Version 2.0 build_699
Core Ftp
Version 2.0 build_702
Core Ftp
Version 2.0 build_704
Core Ftp
Version 2.0 build_705
Core Ftp
Version 2.0 build_711
Core Ftp
Version 2.0 build_713
Core Ftp
Version 2.0 build_715
Core Ftp
Version 2.0 build_719
Core Ftp
Version 2.0 build_725

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (4)

Source: cve@mitre.org
Release NotesVendor Advisory
Source: cve@mitre.org
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.