Thomas Smits

Researcher from ERNW Enno Rey Netzwerke GmbH
#44402 of 53,633
5.9 Total CVSS
Vulnerabilities · 1
PT-2022-18681
5.9
2022-03-25
Mendelson · Mendelson Oftp2 · CVE-2022-27906
**Name of the Vulnerable Software and Affected Versions**

Mendelson OFTP2 versions prior to 1.1 b43

**Description**

The issue allows an attacker to perform a directory traversal attack. To exploit this, the attacker must be aware of one of the configured Odette IDs of the OFTP2 server. This enables the attacker to upload files to the server in locations outside of the intended upload directory.

**Recommendations**

For Mendelson OFTP2 versions prior to 1.1 b43, update to version 1.1 b43 or later to resolve the issue. As a temporary workaround, consider restricting access to the configured Odette IDs to minimize the risk of exploitation.