Vulnerability & Exploit Database

Back to search

ProFTPD Long Command Cross-Site Request Forgery Vulnerability

Severity CVSS Published Added Modified
7 (AV:N/AC:M/Au:N/C:P/I:P/A:P) September 20, 2008 March 27, 2009 February 13, 2015

Description

ProFTPD versions before 1.3.2rc3 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

upgrade-proftpd-1_3_2rc3

Related Vulnerabilities