Vulnerability Description
Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Net2Ftp | Net2Ftp | 0.96 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30611Vendor Advisory
- http://vuln.sg/net2ftp096-en.html
- http://www.securityfocus.com/bid/29664
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42994
- http://secunia.com/advisories/30611Vendor Advisory
- http://vuln.sg/net2ftp096-en.html
- http://www.securityfocus.com/bid/29664
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42994
FAQ
What is CVE-2008-5275?
CVE-2008-5275 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, o...
How severe is CVE-2008-5275?
CVE-2008-5275 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5275?
Check the references section above for vendor advisories and patch information. Affected products include: Net2Ftp Net2Ftp.