CVE-2009-4053

Name of the Vulnerable Software and Affected Versions Home FTP Server version 1.10.1.139

Description Multiple directory traversal vulnerabilities allow remote authenticated users to create arbitrary directories via directory traversal sequences in an MKD command or create files with any contents in arbitrary directories via directory traversal sequences in a file upload request.

Recommendations For Home FTP Server version 1.10.1.139, consider restricting access to the MKD command and file upload requests to minimize the risk of exploitation. As a temporary workaround, limit the ability to create directories and upload files to authorized users only. At the moment, there is no information about a newer version that contains a fix for this vulnerability.