Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via … (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands.
CPE | Name | Operator | Version |
---|---|---|---|
xlight_ftp_server | eq | 3.5 | |
xlight_ftp_server | eq | 3.5.5 |