CVE-2008-2779

Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Published: Jun 19, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-2779
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
globalscape / cuteftp	8.2.0	8.2.0.x

http://secunia.com/advisories/29760
http://vuln.sg/cuteftp820-en.html
http://www.securitytracker.com/id?1020113
http://www.vupen.com/english/advisories/2008/1653/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42633

Vulnerability Database

289,871

CVE-2008-2779