Ws Ftp Server
CVE-2019-12146
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized directory.
AnalysisAI
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized directory. Affected products include: Ipswitch Ws Ftp Server. Version information: before 8.6.1..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
More in Ws Ftp Server
View allIn WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization v
An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Rated critical severit
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. Rated critical s
In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. Rated high sev
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Tra
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Rat
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager in
In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the admini
In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path
In WS_FTP Server version prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSR
In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user suppl
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting (XSS) vulnerability exists in WS_FT
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today