CVE-2023-22629

An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem.

Published: Feb 14, 2023
Updated: Apr 14, 2023
CVE: CVE-2023-22629
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
southrivertech / titan_ftp_server	-	1.94.1205.x

http://packetstormsecurity.com/files/171737/Titan-FTP-Path-Traversal.html
https://f20.be/cves/titan-ftp-vulnerabilities
https://titanftp.com
https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf

Vulnerability Database

290,273

CVE-2023-22629