PT-2020-12788 · Zftpserver · Provide

Published: 2020-04-12 · Updated: 2020-04-13 · CVE-2020-11701

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ProVide (formerly zFTPServer) versions prior to 13.2

Description

An issue exists in the User Web Interface of the affected software, where a CSRF condition allows granting filesystem access to the public. This access enables uploading and deleting files and directories.

Recommendations

For ProVide (formerly zFTPServer) versions prior to 13.2, update to version 13.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the User Web Interface to minimize the risk of exploitation.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2020-11701

Affected Products

Provide