CVE-2020-5196

Name of the Vulnerable Software and Affected Versions Cerberus FTP Server Enterprise Edition versions prior to 11.0.3 Cerberus FTP Server Enterprise Edition versions prior to 10.0.18

Description The issue allows an authenticated attacker to bypass certain permissions, enabling them to create files, display hidden files, list directories, and list files without the necessary permissions. This is achieved by utilizing the zip and unzip features. As a result, users without the required permission can access files, folders, and hidden files, and can create directories without permission.

Recommendations For versions prior to 11.0.3, update to version 11.0.3 or later to resolve the issue. For versions prior to 10.0.18, update to version 10.0.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the zip and unzip features until a patch is applied.