{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-01-08T22:30:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://yoursecuritybores.me/coreftp-vulnerabilities/"}, {"tags": ["x_refsource_MISC"], "url": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-22836", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://yoursecuritybores.me/coreftp-vulnerabilities/", "refsource": "MISC", "url": "https://yoursecuritybores.me/coreftp-vulnerabilities/"}, {"name": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509", "refsource": "MISC", "url": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-22836", "datePublished": "2022-01-08T22:30:11", "dateReserved": "2022-01-08T00:00:00", "dateUpdated": "2022-01-08T22:30:11", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:coreftp:core_ftp:*:*:*:*:*:*:*:*", "matchCriteriaId": "60FAB380-E311-42E7-AA7F-D3C59639FD36", "versionEndIncluding": "1.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_639:*:*:*:*:*:*", "matchCriteriaId": "9653F511-12E9-426B-BE06-6729639FAFF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_640:*:*:*:*:*:*", "matchCriteriaId": "F2A66807-4441-4FCC-A8E2-470DA5D2CCBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_641:*:*:*:*:*:*", "matchCriteriaId": "2950665A-8C16-4192-96E1-055C95BB27C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_642:*:*:*:*:*:*", "matchCriteriaId": "C0D479C3-F5BC-46AF-915B-5ED84AA055BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_645:*:*:*:*:*:*", "matchCriteriaId": "B5932950-C5A6-4272-8393-0BA73CF30022", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_647:*:*:*:*:*:*", "matchCriteriaId": "E17FE79D-062C-425E-8231-635A78E9F160", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_649:*:*:*:*:*:*", "matchCriteriaId": "D73D3CFE-CBBD-4D67-9AB6-C25124FFCB54", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_651:*:*:*:*:*:*", "matchCriteriaId": "17EF44EC-BD12-4BF9-AFD2-AE6946179066", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_653:*:*:*:*:*:*", "matchCriteriaId": "EA10948B-CE3E-4DDD-99B1-AC5EBF028E1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_655:*:*:*:*:*:*", "matchCriteriaId": "BA696B44-1F79-4B09-A54F-D2D44149C3F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_656:*:*:*:*:*:*", "matchCriteriaId": "74E8F681-11EE-4644-8733-3C4866CA4C3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_657:*:*:*:*:*:*", "matchCriteriaId": "57162852-865D-4BBD-82A4-9EA3268FC69B", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_658:*:*:*:*:*:*", "matchCriteriaId": "9EEC2B80-5948-48BD-A57C-17E0B838B13E", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_659:*:*:*:*:*:*", "matchCriteriaId": "894F321E-1EBF-407C-8EEB-69E624553CEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_665:*:*:*:*:*:*", "matchCriteriaId": "76FE817F-ED2E-4EED-B545-3D550F4F57E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_667:*:*:*:*:*:*", "matchCriteriaId": "DA70A26B-9F94-44B0-97CA-AE30FD33622C", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_668:*:*:*:*:*:*", "matchCriteriaId": "E0260895-35E1-4398-A22B-474CD1E51E30", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_671:*:*:*:*:*:*", "matchCriteriaId": "46D2E89F-9345-459F-B795-8A0E52EE9E01", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_673:*:*:*:*:*:*", "matchCriteriaId": "3060984A-886B-4464-93E8-8C38B704D861", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_674:*:*:*:*:*:*", "matchCriteriaId": "38C91817-6753-4059-B5D4-0D986F21D967", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_676:*:*:*:*:*:*", "matchCriteriaId": "55B7F24A-12DA-441C-80AF-51577DABDF99", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_677:*:*:*:*:*:*", "matchCriteriaId": "3D4BD882-AC61-4A52-AD4C-1C3232ABF1E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_679:*:*:*:*:*:*", "matchCriteriaId": "D30D7337-282B-4C80-A87A-ECEF03FA9D92", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_682:*:*:*:*:*:*", "matchCriteriaId": "6878F188-1B25-4B89-A741-75F4FB0B8179", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_687:*:*:*:*:*:*", "matchCriteriaId": "8A33A6C0-0645-4C46-BAEC-B271D5398832", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_689:*:*:*:*:*:*", "matchCriteriaId": "96E1D730-65B7-4CD8-B444-9EC59FCD01C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_691:*:*:*:*:*:*", "matchCriteriaId": "335DC8EF-68D4-425C-B225-D47FBB6DED0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_694:*:*:*:*:*:*", "matchCriteriaId": "965ECA92-CE42-4BB4-929F-9FEBEE81EDB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_695:*:*:*:*:*:*", "matchCriteriaId": "EC0FAAFF-6714-4719-A298-AD44E7719C08", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_697:*:*:*:*:*:*", "matchCriteriaId": "8D25AF2E-03D3-4523-AEE3-2174FA8D0C68", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_699:*:*:*:*:*:*", "matchCriteriaId": "042DAB6B-47EF-4DDB-87F0-167603240123", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_702:*:*:*:*:*:*", "matchCriteriaId": "243CC193-85CD-44B0-A63F-71BBFDF1D6AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_704:*:*:*:*:*:*", "matchCriteriaId": "49BC71E4-CE3A-450D-A2F0-36273701F895", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_705:*:*:*:*:*:*", "matchCriteriaId": "AD233196-C6C3-4446-9D6E-814A45DB220D", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_711:*:*:*:*:*:*", "matchCriteriaId": "3C3FEBA0-EC1F-49BD-8CF1-3E56BB6BED86", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_713:*:*:*:*:*:*", "matchCriteriaId": "BBE32CC8-D71A-40B3-A212-3FCF28F7B562", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_715:*:*:*:*:*:*", "matchCriteriaId": "D99AFB55-FDD5-4C6D-B272-4F3F49E50335", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_719:*:*:*:*:*:*", "matchCriteriaId": "DA505FA6-6AC2-4C1E-BD91-68903E44C68B", "vulnerable": true}, {"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_725:*:*:*:*:*:*", "matchCriteriaId": "9179FEB3-2371-45A3-B544-3FC29DDB2C65", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request."}, {"lang": "es", "value": "CoreFTP Server versiones anteriores a 727 ,permite un salto de directorio (para la creaci\u00f3n de archivos) por un atacante autenticado por medio de ../ en una petici\u00f3n HTTP PUT"}], "id": "CVE-2022-22836", "lastModified": "2022-01-19T16:15:07.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-10T14:12:57.847", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://yoursecuritybores.me/coreftp-vulnerabilities/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}