CVE-2019-10009

MEDIUM

Titan FTP Server 2019 Build 3505 - Path Traversal

Title source: llm

Description

A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside the root directory.

Exploits (2)

exploitdb WORKING POC

by Kevin Randall · textwebappswindows

https://www.exploit-db.com/exploits/46611

View Code ZIP pw:eip

github NO CODE

by KevinRandall1337 · poc

https://github.com/KevinRandall1337/CVE-Security-Research/tree/master/CVE-2019-10009

View Code ZIP pw:eip

References (6)

[Mailing List] http://seclists.org/fulldisclosure/2019/Mar/47

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/46611/

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/152244/Titan-FTP-Server-2019-Build-3505-Directory-Traversal.html

[Exploit, Mailing List, Third Party Advisory] https://seclists.org/fulldisclosure/2019/Mar/47

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/46611

[Various Sources] http://www.southrivertech.com/software/regsoft/titanftp/v19/verhist_en.html

Scores

CVSS v3 6.5

EPSS 0.0617

EPSS Percentile 90.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

southrivertech/titan_ftp_server 2019 3505

Published Jun 03, 2019

Tracked Since Feb 18, 2026