CVE-2007-4756

2007-09-07T21:17:00
ID CVE-2007-4756
Type cve
Reporter NVD
Modified 2018-10-15T17:37:14

Description

Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder.