Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Copyparty ftp/sftp: Sharing a single file did not fully restrict source-folder access
Vulnerability Description
Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the shares feature (the shr global-option). This vulnerability only applies when the shares feature is used for the specific purpose of creating a share of just a single file inside a folder or either the FTP or SFTP server is enabled, and also made publicly accessible. Given these conditions, when a user is browsing a share through either FTP or SFTP (not http or https), they can gain read-access to the remaining files inside the shared folder by guessing/bruteforcing the filenames. It was not possible to descend into subdirectories in this manner; only the sibling files were accessible. This vulnerability is similar to CVE-2025-58753 which was previously fixed for HTTP and HTTPS, but not for FTP. The FTPS server did not yet exist at that time. This vulnerability is fixed in 1.20.12.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
Copyparty 安全漏洞
Vulnerability Description
Copyparty是ed个人开发者的一个便携式文件服务器。 Copyparty 1.20.12之前版本存在安全漏洞,该漏洞源于共享功能缺少权限检查,可能导致用户通过FTP或SFTP访问共享文件夹内的其他文件。
CVSS Information
N/A
Vulnerability Type
N/A