CVE-2008-5275

EPSS 0.43%
Veröffentlicht 28.11.2008 19:00:08
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive.  NOTE: this can be leveraged for code execution by creating a .php file.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Net2ftp ≫ Net2ftp Version0.96 Updatestable

Net2ftp ≫ Net2ftp Version0.97 Updatebeta

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.596

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://secunia.com/advisories/30611

Vendor Advisory

http://vuln.sg/net2ftp096-en.html

http://www.securityfocus.com/bid/29664

https://exchange.xforce.ibmcloud.com/vulnerabilities/42994

https://nvd.nist.gov/vuln/detail/CVE-2008-5275

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-5275

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-5275

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2008-5275