A CompleteFTP path traversal bug made it possible for attackers to remove server files.


Security issue fixed in version 22.1.1 of file transfer software.

A security vulnerability in file transfer software CompleteFTP allowed unauthenticated attackers to delete arbitrary files on affected installations.

Developed by EnterpriseDT of Australia, CompleteFTP is a proprietary FTP and SFTP server for Windows that supports FTPS, SFTP, and HTTPS.

A security researcher with the handle rgod discovered a flaw in the HttpFile class that results from the lack of proper validation of a user-supplied path prior to using it in file operations.

“This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP server,” a security advisory explains.

“An attacker can leverage this vulnerability to delete files in the context of SYSTEM.”

The issue was assigned CVE-2022-2560 and was fixed in CompleteFTP version 22.1.1.

The release also includes other security enhancements: the SHA-2 cryptographic hash function for RSA signatures and a new format for PuTTY private keys.
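The flaw class described above, a user-supplied path reaching a file operation without validation, is closed by resolving the path and checking that it stays under the served root before anything is deleted. The sketch below is an added illustration, not CompleteFTP code; the function names, directory layout and file names are constructed for the example.

```python
import os
import tempfile


class PathRejected(Exception):
    """Raised when a requested path resolves outside the served root."""


def resolve_inside(root: str, user_path: str) -> str:
    """Resolve user_path (".." and symlinks) and require it to stay under root."""
    if "\x00" in user_path:
        raise PathRejected("NUL byte in path")
    # Treat "\" as a separator too, so "..\.." is caught on any platform.
    rel = user_path.replace("\\", "/").lstrip("/")
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, rel))
    try:
        inside = os.path.commonpath([root_real, target]) == root_real
    except ValueError:  # e.g. a different drive letter on Windows
        inside = False
    if not inside or target == root_real:
        raise PathRejected(f"{user_path!r} is not a file path under the root")
    return target


def delete_file(root: str, user_path: str) -> bool:
    """Delete only after the containment check; False if no such file."""
    target = resolve_inside(root, user_path)
    if not os.path.isfile(target):
        return False
    os.remove(target)
    return True


def demo() -> dict:
    """Constructed layout: a served root plus one file just outside it."""
    with tempfile.TemporaryDirectory() as base:
        root, outside = os.path.join(base, "site"), os.path.join(base, "service.conf")
        os.mkdir(root)
        for p in (os.path.join(root, "upload.txt"), outside):
            open(p, "w").close()
        results = {}
        for req in ("upload.txt", "../service.conf", "..\\service.conf"):
            try:
                results[req] = delete_file(root, req)
            except PathRejected:
                results[req] = "rejected"
        results["outside_survives"] = os.path.exists(outside)
        return results
```

The comparison is made on the resolved path rather than on the raw string, so encoded or mixed-separator forms of `..` are judged by where they actually point.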

