PT-2007-5980 · Diesel · X-Diesel Unreal Commander

Gynvael Coldwind

Published

2007-09-12

Updated

2018-10-15

CVE-2007-4843

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions: X-Diesel Unreal Commander versions 0.92 build 565 through 0.92 build 573

Description: A directory traversal issue allows remote FTP servers to create or overwrite arbitrary files by including a .. (dot dot) in a filename. This can potentially be used for code execution by writing to a Startup folder.

Recommendations: For X-Diesel Unreal Commander version 0.92 build 565, update to a version that fixes this issue. For X-Diesel Unreal Commander version 0.92 build 573, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the FTP functionality until a patch is available.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2007-4843

Affected Products

X-Diesel Unreal Commander

PT-2007-5980 · Diesel · X-Diesel Unreal Commander

CVE-2007-4843

Weakness Enumeration

Related Identifiers

Affected Products

References · 8