CVE-2007-4756

Total Commander < 7.01 - Path Traversal via FTP Filename

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder.

References (11)

Core 11
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26734
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/39838
Patch x_refsource_misc
http://www.ghisler.com/whatsnew.htm
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25581
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36487
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36486
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/478720/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3106
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3102
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018662

Scores

EPSS 0.0364
EPSS Percentile 88.2%

Details

CWE
CWE-22
Status published
Products (1)
ghisler/total_commander < 7.01
Published Sep 08, 2007
Tracked Since Feb 18, 2026