CVE-2022-22836 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 86%

Vendor	Product	Version
coreftp	core_ftp	𝑥 ≤ 1.2
coreftp	core_ftp	2.0:build_639
coreftp	core_ftp	2.0:build_640
coreftp	core_ftp	2.0:build_641
coreftp	core_ftp	2.0:build_642
coreftp	core_ftp	2.0:build_645
coreftp	core_ftp	2.0:build_647
coreftp	core_ftp	2.0:build_649
coreftp	core_ftp	2.0:build_651
coreftp	core_ftp	2.0:build_653
coreftp	core_ftp	2.0:build_655
coreftp	core_ftp	2.0:build_656
coreftp	core_ftp	2.0:build_657
coreftp	core_ftp	2.0:build_658
coreftp	core_ftp	2.0:build_659
coreftp	core_ftp	2.0:build_665
coreftp	core_ftp	2.0:build_667
coreftp	core_ftp	2.0:build_668
coreftp	core_ftp	2.0:build_671
coreftp	core_ftp	2.0:build_673
coreftp	core_ftp	2.0:build_674
coreftp	core_ftp	2.0:build_676
coreftp	core_ftp	2.0:build_677
coreftp	core_ftp	2.0:build_679
coreftp	core_ftp	2.0:build_682
coreftp	core_ftp	2.0:build_687
coreftp	core_ftp	2.0:build_689
coreftp	core_ftp	2.0:build_691
coreftp	core_ftp	2.0:build_694
coreftp	core_ftp	2.0:build_695
coreftp	core_ftp	2.0:build_697
coreftp	core_ftp	2.0:build_699
coreftp	core_ftp	2.0:build_702
coreftp	core_ftp	2.0:build_704
coreftp	core_ftp	2.0:build_705
coreftp	core_ftp	2.0:build_711
coreftp	core_ftp	2.0:build_713
coreftp	core_ftp	2.0:build_715
coreftp	core_ftp	2.0:build_719
coreftp	core_ftp	2.0:build_725

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509

https://yoursecuritybores.me/coreftp-vulnerabilities/

http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509

https://yoursecuritybores.me/coreftp-vulnerabilities/