Input validation

2009-03-2621:00:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

Low

0.021 Low

EPSS

Percentile

89.3%

JSON

Incomplete blacklist vulnerability in NULL FTP Server Free and Pro 1.1.0.7 allows remote authenticated users to execute arbitrary commands via a custom SITE command containing shell metacharacters such as “&” (ampersand) in the middle of an argument.

CPENameOperatorVersion
null_ftpeq1.1.0.7 pro
null_ftpeq1.1.0.7 svr

CPE	Name	Operator	Version
	null_ftp	eq	1.1.0.7 pro
	null_ftp	eq	1.1.0.7 svr

References

secunia.com/advisories/32999

vuln.sg/nullftpserver1107-en.html

www.osvdb.org/50486

www.securityfocus.com/bid/32656

www.vupen.com/english/advisories/2008/3367

www.vwsolutions.com/knowledgeBase/releaseNotes.aspx?productId=14

exchange.xforce.ibmcloud.com/vulnerabilities/47099

www.exploit-db.com/exploits/7355