CVE-2007-4756

2007-09-08T01:17:00
ID CVE-2007-4756
Type cve
Reporter cve@mitre.org
Modified 2018-10-15T21:37:00

Description

Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder.