CVE-2009-1407

Name of the Vulnerable Software and Affected Versions NotFTP version 1.3.1

Description A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in a certain file parameter within the config.php file.

Recommendations For NotFTP version 1.3.1, consider restricting access to the config.php file and the file parameter to minimize the risk of exploitation. Avoid using the file parameter with untrusted input until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.