Southrivertech Titan FTP Server 2019 Directory Traversal Vulnerability

Summary

A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside the root directory.
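A containment check of the kind a file-preview handler needs before opening a user-supplied path, as an added example (not code from the advisory or from the vendor). The function name, exception class and root directory are hypothetical, and the input is assumed to be already URL-decoded.

```python
import ntpath  # Windows path rules, usable on any OS


class TraversalError(ValueError):
    """Raised when a requested path resolves outside the user's root."""


def resolve_under_root(root: str, requested: str) -> str:
    """Return the normalized Windows path for `requested` under `root`,
    or raise TraversalError if it would land outside `root`."""
    if "\x00" in requested:
        raise TraversalError("NUL byte in path")
    # Treat both separators alike: a filter that only looks for "../"
    # misses the "\..\" form named in the advisory.
    rel = requested.replace("/", "\\")
    # Drive-qualified or UNC input would replace the root in ntpath.join.
    drive, _ = ntpath.splitdrive(rel)
    if drive:
        raise TraversalError("drive or UNC prefix not allowed")
    rel = rel.lstrip("\\")
    root_norm = ntpath.normpath(root)
    # Collapse "." and ".." segments, then compare the result to the root.
    candidate = ntpath.normpath(ntpath.join(root_norm, rel))
    # Case-insensitive compare with a trailing separator, so a sibling
    # such as ...\alice2 is not accepted as being under ...\alice.
    root_cmp = ntpath.normcase(root_norm).rstrip("\\")
    cand_cmp = ntpath.normcase(candidate)
    if cand_cmp != root_cmp and not cand_cmp.startswith(root_cmp + "\\"):
        raise TraversalError(f"{requested!r} escapes the root")
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs; the root directory is hypothetical.
    root = r"C:\srv\users\alice"
    samples = [r"reports\q1.pdf", r"\..\..\Windows\win.ini", r"..\alice2\f.txt"]
    for name in samples:
        try:
            print("allow", resolve_under_root(root, name))
        except TraversalError as exc:
            print("deny ", exc)
```

The check is lexical only: a production handler should also resolve junctions and symbolic links on disk before comparing, and should run the check after all decoding steps.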

Credit:

The information has been provided by Kevin R

The original article can be found at: https://seclists.org/fulldisclosure/2019/Mar/47


Details

Southrivertech Titan FTP Server 2019 is prone to a directory traversal vulnerability. This allows remote attackers to read arbitrary files via the vulnerable vectors. The remote attacker might also have the ability to create, modify or overwrite critical files.

Vulnerable Systems:

  • Southrivertech Titan FTP Server 2019

CVE Information:

CVE-2019-10009

Disclosure Timeline:
Publish Date: 06/03/2019
