CVE-2008-5275

Name of the Vulnerable Software and Affected Versions net2ftp versions 0.96 through 0.97

Description The issue allows remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a TAR or ZIP archive. This can be leveraged for code execution by creating a .php file.

Recommendations For net2ftp versions 0.96 through 0.97, consider disabling the "Unzip archive" and "Upload files and archives" functionality until a patch is available to prevent exploitation. Restrict access to file upload features to minimize the risk of arbitrary file creation, reading, or deletion. Avoid using the .. (dot dot) notation in filenames within archives to prevent directory traversal.