CVE-2023-22629

HIGH8.8

Public PoC

Description

An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Exploits & PoCs

nucleiTitanFTP move-file Function ≤ 1.94.1205 - Path Traversalby pussycat0x

References

MISChttps://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf
MISChttps://titanftp.com
MISChttps://f20.be/cves/titan-ftp-vulnerabilities
EXPLOIThttp://packetstormsecurity.com/files/171737/Titan-FTP-Path-Traversal.html