CVE-2017-15270

Name of the Vulnerable Software and Affected Versions PSFTPd version 10.0.4 Build 729

Description The issue allows attackers to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent by not properly escaping data before writing it into a Comma Separated Values (CSV) file. Special characters such as ", , and r are not escaped and can be used to add new entries to the log.

Recommendations For PSFTPd version 10.0.4 Build 729, consider implementing proper data escaping before writing to CSV files to prevent the addition of arbitrary log entries. As a temporary workaround, restrict the use of special characters in input data to minimize the risk of exploitation.