CVE-2019-10009

Summary

CVE	CVE-2019-10009
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-06-03 21:29:00 UTC
Updated	2019-06-06 20:29:00 UTC
Description	A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside the root directory.

Risk And Classification

Problem Types: CWE-22

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Southrivertech	Titan Ftp Server	2019	3505	All	All
Application	Southrivertech	Titan Ftp Server	2019	3505	All	All

References

Reference	Source	Link	Tags
Full Disclosure: CVE-2019-10009 Titan FTP Server Version 2019 Build 3505 Directory Traversal/Local File Inclusion	MISC	seclists.org	Exploit, Mailing List, Third Party Advisory
www.southrivertech.com/software/regsoft/titanftp/v19/verhist_en.html	CONFIRM	www.southrivertech.com
Full Disclosure: CVE-2019-10009 Titan FTP Server Version 2019 Build 3505 Directory Traversal/Local File Inclusion	FULLDISC	seclists.org
Titan FTP Server Version 2019 Build 3505 - Directory Traversal / Local File Inclusion	EXPLOIT-DB	www.exploit-db.com
Titan FTP Server Version 2019 Build 3505 - Directory Traversal / Local File Inclusion	EXPLOIT-DB	www.exploit-db.com	Exploit, Third Party Advisory, VDB Entry
Titan FTP Server 2019 Build 3505 Directory Traversal ≈ Packet Storm	MISC	packetstormsecurity.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.