CVE-2023-22629

HIGH NUCLEI

Southrivertech Titan FTP Server < 1.94.1205 - Path Traversal

Title source: rule

Description

An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem.

Exploits (1)

exploitdb WRITEUP

by Andreas Finstad · textremotewindows

https://www.exploit-db.com/exploits/51268

View Code ZIP pw:eip

Nuclei Templates (1)

TitanFTP move-file Function ≤ 1.94.1205 - Path Traversal

HIGHby pussycat0x

Shodan: product:"Titan ftpd"

References (4)

[Exploit, Third Party Advisory] https://f20.be/cves/titan-ftp-vulnerabilities

[Product] https://titanftp.com

[Release Notes] https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/171737/Titan-FTP-Path-Traversal.html

Scores

CVSS v3 8.8

EPSS 0.6508

EPSS Percentile 98.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-22

Status published

Products (1)

southrivertech/titan_ftp_server < 1.94.1205

Published Feb 14, 2023

Tracked Since Feb 18, 2026