Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP 22.1.0 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-17481.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Enterprise Distributed Technologies CompleteFTP Server 路径遍历漏洞
Vulnerability Description
Enterprise Distributed Technologies CompleteFTP Server是澳大利亚Enterprise Distributed Technologies公司的一款基于Windows的SFTP(SHH文件传输协议)服务器。 Enterprise Distributed Technologies CompleteFTP Server v22.1.0 版本存在路径遍历漏洞,该漏洞源于在文件操作中使用用户提供的路径之前未对其进行适当验证。
CVSS Information
N/A
Vulnerability Type
N/A