CVE-2009-4194

moderate-risk

Published 2009-12-03

Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a .. (dot dot) in the DELE command. NOTE: some of these details are obtained from third party information.

Do I need to act?

1.8% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

10258

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.1/10 High

NETWORK / LOW complexity

Affected Products (2)

Golden Ftp Server

Affected Vendors

Kmint21

References (8)

Broken Link http://blog.sat0ri.com/?p=292

Broken Link http://secunia.com/advisories/37527

Exploit http://www.exploit-db.com/exploits/10258

Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/54497

Broken Link http://blog.sat0ri.com/?p=292

Broken Link http://secunia.com/advisories/37527

Exploit http://www.exploit-db.com/exploits/10258

Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/54497

/ 100

moderate-risk

Severity 28/34 · Critical

Exploitability 12/34 · Low

Exposure 7/34 · Low