PT-2005-3241 · Php · Phpsftpd

Published: 2005-07-19 · Updated: 2011-03-08 · CVE-2005-2314

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: PHPsFTPd versions 0.2 through 0.4

Description: The issue allows remote attackers to obtain the administrator's username and password. This is achieved by setting the do_login parameter and performing an edit action using user.php, which bypasses the login check and leaks the password in the response.

Recommendations: For PHPsFTPd versions 0.2 through 0.4, consider restricting access to the user.php endpoint and the do_login parameter until a patch is available. As a temporary workaround, avoid using the do_login parameter in the affected endpoint to minimize the risk of exploitation.

Related identifiers

CVE-2005-2314

Affected products

Phpsftpd