Winscp · Winscp · CVE-2006-3015
**Name of the Vulnerable Software and Affected Versions**
WinSCP version 3.8.1 build 328
**Description**
The issue allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.
**Recommendations**
For WinSCP version 3.8.1 build 328, update to a newer version that contains a fix for this issue to prevent arbitrary file uploads or downloads.