Tobias Maedel

#23759 of 53,635
10 Total CVSS
Vulnerabilities · 1
PT-2019-2795
10
2018-01-02
Proftpd · Proftpd · CVE-2019-12815
**Name of the Vulnerable Software and Affected Versions**

ProFTPD versions up to 1.3.5b

**Description**

The issue is related to an arbitrary file copy vulnerability in the mod_copy module of ProFTPD, allowing for remote code execution and information disclosure without authentication. This can be exploited by sending CPFR and CPTO commands to the ProFTPD server, potentially enabling an attacker to execute arbitrary code on the target system. The vulnerability is severe and affects over 1 million servers.

**Recommendations**

For ProFTPD versions up to 1.3.5b, update to a version that contains a fix for this issue to prevent remote code execution and information disclosure. As a temporary workaround, consider disabling the mod_copy module until a patch is available. Restrict access to the FTP server to minimize the risk of exploitation, especially when anonymous access is provided.