PlatinumFTPServer 1.0.6 - Directory Traversal

EDB-ID:

22136

CVE:

N/A




Platform:

Windows

Date:

2003-01-07


source: https://www.securityfocus.com/bid/6554/info

PlatinumFTPserver is an FTP server for Microsoft Windows systems. It is commercially available, and distributed by PlatinumFTP.

A directory traversal vulnerability has been reported in PlatinumFTPserver. The program does not sufficiently handle dot-dot-slash input, which could result in an attacker gaining access to unauthorized resources. 

dir ..\directory

where directory represents a directory outside the FTP root.

del ..\file

where file represents a file outside the FTP root.