CRITICAL🇬🇧 English

CVE-2020-14057

CVSS 9.8v3.1pub. 2020-07-01upd. 2024-11-21

Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allowing an attacker to gain remote code execution in common deployments.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Monstaftp Monsta Ftp

    APP
    Monstaftp
    ≤ 2.10.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2025-34299CRITICAL9.3PL ✓ten sam produkt

Monsta FTP: nieuwierzytelniony upload pliku prowadzący do RCE

CVE-2022-27468CRITICAL9.8ten sam produkt

Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitra...

CVE-2022-27469CRITICAL9.8ten sam produkt

Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF).

CVE-2020-14056CRITICAL9.8ten sam produkt

Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restric...

CVE-2020-14055MEDIUM6.1ten sam produkt

Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting vulnerability in the language setting due...