Vulnerability Database

296,317

Total vulnerabilities in the database

CVE-2020-5196

Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain permissions by utilizing the zip and unzip features. As a result, users without permission can see files, folders, and hidden files, and can create directories without permission.

  • Published: Jan 14, 2020
  • Updated: Apr 14, 2023
  • CVE: CVE-2020-5196
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.1
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS v2:

  • Severity: Medium
  • Score: 5.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:N

CWEs:

Software From Fixed in
cerberusftp / ftp_server 10.0.0 10.0.18
cerberusftp / ftp_server 11.0.0 11.0.3