CVE Vulnerability

CVE-2022-22836

CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request.

4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://yoursecuritybores.me/coreftp-vulnerabilities/ Exploit Third Party Advisory
http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509 Release Notes Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:coreftp:core_ftp:*:*:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_697:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_639:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_640:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_641:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_642:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_645:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_647:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_649:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_651:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_653:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_655:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_656:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_657:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_658:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_659:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_665:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_668:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_671:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_673:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_674:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_676:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_667:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_677:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_679:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_682:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_687:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_689:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_691:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_694:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_695:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_699:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_702:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_704:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_705:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_711:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_713:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_715:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_719:*:*:*:*:*:*
cpe:2.3:a:coreftp:core_ftp:2.0:build_725:*:*:*:*:*:*
Information

Published : 2022-01-10 02:12

Updated : 2022-01-19 04:15

NVD link : CVE-2022-22836

Mitre link : CVE-2022-22836

Products Affected
No products.
CWE
CWE-22