CVE-2008-5275
net2ftp 0.96-0.97 - Path Traversal and Arbitrary File Write via TAR or ZIP Archive
Title source: llmDescription
Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file.
References (4)
Core 4
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30611
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42994
Various Sources x_refsource_misc
http://vuln.sg/net2ftp096-en.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/29664
Scores
EPSS
0.0270
EPSS Percentile
84.1%
Details
CWE
CWE-22
Status
published
Products (2)
net2ftp/net2ftp
0.96 stable
net2ftp/net2ftp
0.97 beta
Published
Nov 28, 2008
Tracked Since
Feb 18, 2026