CVE-2020-11706

Name of the Vulnerable Software and Affected Versions ProVide (formerly zFTPServer) versions through 13.1

Description An issue was discovered in the Admin Interface, allowing Cross-Site Request Forgery (CSRF) for various actions, including changing usernames and passwords (including admin accounts), creating or deleting users, enabling or disabling services, setting a rogue update proxy, and shutting down the server.

Recommendations For ProVide (formerly zFTPServer) versions through 13.1, consider implementing CSRF protection measures, such as token-based validation, to prevent unauthorized actions in the Admin Interface. As a temporary workaround, restrict access to the Admin Interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.