Floragasse 7 – 5th floor, 1040 Vienna


Security Advisory News! Monsta FTP 2.10.1 (CVE-2020-14057, CVE-2020-14056, CVE-2020-14055)

Arbitrary File Read and Write (CVE-2020-14057)

Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. Attackers can therefore read and write arbitrary local files, which allows them to gain remote code execution in common deployments.

Full security advisory: https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20191203-01_Monsta_FTP_Arbitrary_File_Read_and_Write

Server-Side Request Forgery (CVE-2020-14056)

Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services.

Full security advisory: https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20191203-02_Monsta_FTP_Server-Side_Request_Forgery

Stored Cross-Site Scripting (CVE-2020-14055)

Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting vulnerability in the language setting due to insufficient output encoding.

Full security advisory: https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20191211-01_Monsta_FTP_Stored_XSS
