PT-2020-13868 · Monstra · Monstaftp
David Gnedt
·
Published
2020-07-01
·
Updated
2020-07-08
·
CVE-2020-14057
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Monsta FTP versions 2.10.1 and earlier
Description
The issue allows external control of paths used in filesystem operations, enabling attackers to read and write arbitrary local files. This can lead to an attacker gaining remote code execution in common deployments.
Recommendations
For Monsta FTP versions 2.10.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Monstaftp