CVE-2022-22836
Summary
| CVE | CVE-2022-22836 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-01-10 14:12:00 UTC |
| Updated | 2022-01-19 16:15:00 UTC |
| Description | CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Coreftp | Core Ftp | 2.0 | build_639 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_640 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_641 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_642 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_645 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_647 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_649 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_651 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_653 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_655 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_656 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_657 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_658 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_659 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_665 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_667 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_668 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_671 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_673 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_674 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_676 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_677 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_679 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_682 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_687 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_689 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_691 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_694 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_695 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_697 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_699 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_702 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_704 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_705 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_711 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_713 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_715 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_719 | All | All |
| Application | Coreftp | Core Ftp | 2.0 | build_725 | All | All |
| Application | Coreftp | Core Ftp | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CoreFTP Arbitrary File Write (CVE-2022-22836) and Remote DoS (CVE-2022-22899) \| Your Security Bores Me | MISC | yoursecuritybores.me | |
| Server v2 build 725 - Core FTP | MISC | www.coreftp.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.