Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via C: sequences in the (1) RETR (get), (2) NLST (ls), (3) LIST (ls), (4) RNFR, or (5) RNTO FTP commands.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Nexgen_ftp_server | Nexgen | 1.0 (including) | 1.0 (including) |
Nexgen_ftp_server | Nexgen | 2.0 (including) | 2.0 (including) |
Nexgen_ftp_server | Nexgen | 2.1 (including) | 2.1 (including) |
Nexgen_ftp_server | Nexgen | 2.2 (including) | 2.2 (including) |