CVE-2000-0876
WFTPD and WFTPD Pro 2.41 RC12 - Unauthenticated Sensitive Information Exposure via %C Command
Title source: llmDescription
WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5196
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-08/0488.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/5829
Scores
EPSS
0.0152
EPSS Percentile
71.6%
Details
CWE
CWE-200
Status
published
Products (6)
texas_imperial_software/wftpd
2.4.1
texas_imperial_software/wftpd
2.4.1_rc11
texas_imperial_software/wftpd
2.4.1_rc12
texas_imperial_software/wftpd
2.34
texas_imperial_software/wftpd
2.40
texas_imperial_software/wftpd_pro
2.41_rc12
Published
Nov 14, 2000
Tracked Since
Feb 18, 2026