An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server’s filesystem.
CPE | Name | Operator | Version |
---|---|---|---|
titan_ftp_server | le | 1.94.1205 |