CVE-2020-11701

2020-04-1202:44:27

mitre

www.cve.org

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.5%

JSON

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. CSRF exists in the User Web Interface, as demonstrated by granting filesystem access to the public for uploading and deleting files and directories.

References

github.com/belong2yourself/vulnerabilities/tree/master/ProVide/Web%20User%20Interface%20-%20Cross-Site%20Request%20Forgery

www.provideserver.com/security/