Metric | Value |
---|---|
AI Score | 7.6 High (Confidence: Low) |
CVSS2 | 6.8 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
EPSS | 0.009 Low (Percentile: 82.3%) |

Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder.

CPE | Name | Operator | Version |
---|---|---|---|
ghisler:total_commander | ghisler total commander | le | 7.01 |