FKIE_CVE-2022-22836

Vulnerability from fkie_nvd - Published: 2022-01-10 14:12 - Updated: 2024-11-21 06:47
Summary
CoreFTP Server before build 727 allows directory traversal (for file creation): an authenticated attacker can place ../ sequences in the path of an HTTP PUT request so that the file is created outside the intended directory.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "60FAB380-E311-42E7-AA7F-D3C59639FD36",
              "versionEndIncluding": "1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_639:*:*:*:*:*:*",
              "matchCriteriaId": "9653F511-12E9-426B-BE06-6729639FAFF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_640:*:*:*:*:*:*",
              "matchCriteriaId": "F2A66807-4441-4FCC-A8E2-470DA5D2CCBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_641:*:*:*:*:*:*",
              "matchCriteriaId": "2950665A-8C16-4192-96E1-055C95BB27C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_642:*:*:*:*:*:*",
              "matchCriteriaId": "C0D479C3-F5BC-46AF-915B-5ED84AA055BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_645:*:*:*:*:*:*",
              "matchCriteriaId": "B5932950-C5A6-4272-8393-0BA73CF30022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_647:*:*:*:*:*:*",
              "matchCriteriaId": "E17FE79D-062C-425E-8231-635A78E9F160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_649:*:*:*:*:*:*",
              "matchCriteriaId": "D73D3CFE-CBBD-4D67-9AB6-C25124FFCB54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_651:*:*:*:*:*:*",
              "matchCriteriaId": "17EF44EC-BD12-4BF9-AFD2-AE6946179066",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_653:*:*:*:*:*:*",
              "matchCriteriaId": "EA10948B-CE3E-4DDD-99B1-AC5EBF028E1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_655:*:*:*:*:*:*",
              "matchCriteriaId": "BA696B44-1F79-4B09-A54F-D2D44149C3F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_656:*:*:*:*:*:*",
              "matchCriteriaId": "74E8F681-11EE-4644-8733-3C4866CA4C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_657:*:*:*:*:*:*",
              "matchCriteriaId": "57162852-865D-4BBD-82A4-9EA3268FC69B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_658:*:*:*:*:*:*",
              "matchCriteriaId": "9EEC2B80-5948-48BD-A57C-17E0B838B13E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_659:*:*:*:*:*:*",
              "matchCriteriaId": "894F321E-1EBF-407C-8EEB-69E624553CEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_665:*:*:*:*:*:*",
              "matchCriteriaId": "76FE817F-ED2E-4EED-B545-3D550F4F57E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_667:*:*:*:*:*:*",
              "matchCriteriaId": "DA70A26B-9F94-44B0-97CA-AE30FD33622C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_668:*:*:*:*:*:*",
              "matchCriteriaId": "E0260895-35E1-4398-A22B-474CD1E51E30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_671:*:*:*:*:*:*",
              "matchCriteriaId": "46D2E89F-9345-459F-B795-8A0E52EE9E01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_673:*:*:*:*:*:*",
              "matchCriteriaId": "3060984A-886B-4464-93E8-8C38B704D861",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_674:*:*:*:*:*:*",
              "matchCriteriaId": "38C91817-6753-4059-B5D4-0D986F21D967",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_676:*:*:*:*:*:*",
              "matchCriteriaId": "55B7F24A-12DA-441C-80AF-51577DABDF99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_677:*:*:*:*:*:*",
              "matchCriteriaId": "3D4BD882-AC61-4A52-AD4C-1C3232ABF1E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_679:*:*:*:*:*:*",
              "matchCriteriaId": "D30D7337-282B-4C80-A87A-ECEF03FA9D92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_682:*:*:*:*:*:*",
              "matchCriteriaId": "6878F188-1B25-4B89-A741-75F4FB0B8179",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_687:*:*:*:*:*:*",
              "matchCriteriaId": "8A33A6C0-0645-4C46-BAEC-B271D5398832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_689:*:*:*:*:*:*",
              "matchCriteriaId": "96E1D730-65B7-4CD8-B444-9EC59FCD01C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_691:*:*:*:*:*:*",
              "matchCriteriaId": "335DC8EF-68D4-425C-B225-D47FBB6DED0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_694:*:*:*:*:*:*",
              "matchCriteriaId": "965ECA92-CE42-4BB4-929F-9FEBEE81EDB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_695:*:*:*:*:*:*",
              "matchCriteriaId": "EC0FAAFF-6714-4719-A298-AD44E7719C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_697:*:*:*:*:*:*",
              "matchCriteriaId": "8D25AF2E-03D3-4523-AEE3-2174FA8D0C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_699:*:*:*:*:*:*",
              "matchCriteriaId": "042DAB6B-47EF-4DDB-87F0-167603240123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_702:*:*:*:*:*:*",
              "matchCriteriaId": "243CC193-85CD-44B0-A63F-71BBFDF1D6AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_704:*:*:*:*:*:*",
              "matchCriteriaId": "49BC71E4-CE3A-450D-A2F0-36273701F895",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_705:*:*:*:*:*:*",
              "matchCriteriaId": "AD233196-C6C3-4446-9D6E-814A45DB220D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_711:*:*:*:*:*:*",
              "matchCriteriaId": "3C3FEBA0-EC1F-49BD-8CF1-3E56BB6BED86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_713:*:*:*:*:*:*",
              "matchCriteriaId": "BBE32CC8-D71A-40B3-A212-3FCF28F7B562",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_715:*:*:*:*:*:*",
              "matchCriteriaId": "D99AFB55-FDD5-4C6D-B272-4F3F49E50335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_719:*:*:*:*:*:*",
              "matchCriteriaId": "DA505FA6-6AC2-4C1E-BD91-68903E44C68B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_725:*:*:*:*:*:*",
              "matchCriteriaId": "9179FEB3-2371-45A3-B544-3FC29DDB2C65",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request."
    },
    {
      "lang": "es",
      "value": "CoreFTP Server versiones anteriores a 727 ,permite un salto de directorio (para la creaci\u00f3n de archivos) por un atacante autenticado por medio de ../ en una petici\u00f3n HTTP PUT"
    }
  ],
  "id": "CVE-2022-22836",
  "lastModified": "2024-11-21T06:47:33.190",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-10T14:12:57.847",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://www.coreftp.com/forums/viewtopic.php?f=15\u0026t=4022509"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://yoursecuritybores.me/coreftp-vulnerabilities/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://www.coreftp.com/forums/viewtopic.php?f=15\u0026t=4022509"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://yoursecuritybores.me/coreftp-vulnerabilities/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}







Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

