CVE-2020-14057
CRITICALMonsta FTP < 2.10.1 - Arbitrary File Read and Write via Path Traversal
Title source: llmDescription
Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allowing an attacker to gain remote code execution in common deployments.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.monstaftp.com/notes/
Third Party Advisory x_refsource_misc
https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20191203-01_Monsta_FTP_Arbitrary_File_Read_and_Write
Scores
CVSS v3
9.8
EPSS
0.0258
EPSS Percentile
83.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-610
Status
published
Products (1)
monstaftp/monsta_ftp
< 2.10.1
Published
Jul 01, 2020
Tracked Since
Feb 18, 2026