Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Alftp | Estsoft | 4.1 | 4.1 |
Alftp | Estsoft | 4.1 | 4.1 |
Alftp | Estsoft | * | 5.1 |
Alftp | Estsoft | 5.0 | 5.0 |
Alftp | Estsoft | 5.1 | 5.1 |
Alftp | Estsoft | 4.1 | 4.1 |