CVE-2010-3096

General

Score: 9.3/10.0
Severity: High
Category: Path Manipulation

Impact Metrics

Confidentiality: Complete
Integrity: Complete
Availability: Complete

Exploitability Metrics

Access Vector: Network
Access Complexity: Medium
Authentication: None

Published on 20/08/10 - Updated on 24/08/10

Description

Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly earlier allows remote FTP servers to write arbitrary files via "..\" (dot dot backslash) sequences in a filename.

Category: Path Manipulation

CWE-22 (Path Traversal)
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Security Notices

US National Vulnerability Database: CVE-2010-3096

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor: softx
Product: ftp_client