CVE-2008-2702

ESTsoft ALFTP 4.1 beta 2 and 5.0 - Path Traversal via FTP LIST Response

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2702. PoCs published by Tan Chew Keong.

AI-analyzed exploit summary: This exploit demonstrates a directory traversal vulnerability in ALFTP, allowing an attacker to write arbitrary files outside the intended directory by manipulating the response to the LIST command with either backslashes or forward slashes.

Description

Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Tan Chew Keong · text · remote · linux
https://www.exploit-db.com/exploits/31887

Classification: Working PoC 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: ALFTP 4.1 beta 2 (English) and 5.0 (Korean)
No auth needed
Prerequisites: Access to the FTP server · Ability to send crafted LIST commands
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30559
Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29585
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1763/references
Exploit, Third Party Advisory x_refsource_misc
http://vuln.sg/alftp41b2-en.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42900

Scores

EPSS 0.1070
EPSS Percentile 95.2%

Details

CWE: CWE-22
Status: published
Products (2):
estsoft/alftp 4.1 beta2
estsoft/alftp 5.0
Published: Jun 13, 2008
Tracked Since: Feb 18, 2026