Floragasse 7 – 5th floor, 1040 Vienna
Subscribe to our Newsletter


SBA Security Advisory – Monsta FTP – Arbitrary File Read and Write (CVE-2020-14057)

Vulnerability Overview

Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allowing an attacker to gain remote code execution in common deployments.

  • Type of Vulnerability: External Control of File Name or Path
  • CVSSv3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVSSv3.1 Base Score: 9.8 (Critical)


Full Security Advisory