CVE-2008-5275

net2ftp 0.96-0.97 - Path Traversal and Arbitrary File Write via TAR or ZIP Archive

Title source: llm
STIX 2.1

Description

Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file.

References (4)

Core 4
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30611
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42994
Various Sources x_refsource_misc
http://vuln.sg/net2ftp096-en.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29664

Scores

EPSS 0.0270
EPSS Percentile 84.1%

Details

CWE
CWE-22
Status published
Products (2)
net2ftp/net2ftp 0.96 stable
net2ftp/net2ftp 0.97 beta
Published Nov 28, 2008
Tracked Since Feb 18, 2026