CVE-2023-22629

HIGH NUCLEI

Titan FTP Server < 1.94.1205 - Authenticated Path Traversal via Move-File Function

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-22629. PoCs published by Andreas Finstad. A Nuclei detection template is also available.

AI-analyzed exploit summary This is a writeup referencing an exploit for CVE-2023-22629, a path traversal vulnerability in TitanFTP leading to RCE. The actual exploit details are linked to an external blog post.

Description

An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem.

Exploits (1)

exploitdb WRITEUP
by Andreas Finstad · textremotewindows
https://www.exploit-db.com/exploits/51268

This is a writeup referencing an exploit for CVE-2023-22629, a path traversal vulnerability in TitanFTP leading to RCE. The actual exploit details are linked to an external blog post.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: TitanFTP < 2.0.1.2102
No auth needed
Prerequisites: Network access to vulnerable TitanFTP server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

TitanFTP move-file Function ≤ 1.94.1205 - Path Traversal
HIGHby pussycat0x
Shodan: product:"Titan ftpd"

References (4)

Core 4

Scores

CVSS v3 8.8
EPSS 0.1232
EPSS Percentile 95.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-22
Status published
Products (1)
southrivertech/titan_ftp_server < 1.94.1205
Published Feb 14, 2023
Tracked Since Feb 18, 2026