Floragasse 7 – 5th floor, 1040 Vienna
Subscribe to our Newsletter


SBA Security Advisory – Monsta FTP – Server-Side Request Forgery (CVE-2020-14056)

Vulnerability Overview

Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services.

  • Type of Vulnerability: Server-Side Request Forgery (SSRF)
  • CVSSv3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVSSv3.1 Base Score: 9.8 (Critical)


Full Security Advisory