7.5 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
52.7%
tnftpd before 20080929 splits large command strings into multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unknown vectors, probably involving a crafted ftp:// link to a tnftpd server.
freshmeat.net/projects/tnftpd/?branch_id=14355&release_id=285654
osvdb.org/48637
secunia.com/advisories/31958
exchange.xforce.ibmcloud.com/vulnerabilities/45534