ProFTPD mod_copy Arbitrary File Copy Vulnerability

By GIXnews


A vulnerability in ProFTPD could allow an unauthenticated, remote attacker to execute arbitrary code or access sensitive information on a targeted system.

The vulnerability exists because the mod_copy function of the affected software performs insufficient checks for and configurations for its SITE CPFR and CPTO commands. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system. A successful exploit could allow the attacker to execute arbitrary code or access sensitive information.

Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.

ProFTPD has confirmed the vulnerability and released software updates.
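For defenders reviewing FTP logs, the following added example (not part of the original advisory or of ProFTPD) pairs SITE CPFR and SITE CPTO commands per client and marks copies issued before any successful login. The log layout, the per-host session tracking, and the sample lines are assumptions constructed for illustration; adjust the regex to your own LogFormat.

```python
import re

# Assumed ExtendedLog layout: LogFormat "%h %l %u %t \"%r\" %s"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<cmd>[^"]*)" (?P<code>\d{3}|-)'
)
COPY_RE = re.compile(r'^SITE\s+(CPFR|CPTO)\s+(.+)$', re.IGNORECASE)

# Constructed sample log lines (documentation addresses, neutral paths).
SAMPLE_LOG = """\
198.51.100.7 UNKNOWN - [22/Jul/2019:10:01:02 +0000] "SITE CPFR /pub/readme.txt" 350
198.51.100.7 UNKNOWN - [22/Jul/2019:10:01:03 +0000] "SITE CPTO /incoming/copy.txt" 250
203.0.113.5 UNKNOWN alice [22/Jul/2019:10:05:00 +0000] "PASS (hidden)" 230
203.0.113.5 UNKNOWN alice [22/Jul/2019:10:05:09 +0000] "SITE CPFR /home/alice/a.txt" 350
203.0.113.5 UNKNOWN alice [22/Jul/2019:10:05:10 +0000] "SITE CPTO /home/alice/b.txt" 250
192.0.2.44 UNKNOWN - [22/Jul/2019:10:09:00 +0000] "SITE CPFR /pub/x" 530
"""

def find_copy_events(log_text):
    """Return one dict per SITE CPTO that follows an accepted SITE CPFR."""
    authed = set()   # hosts that received 230 on PASS (assumption: one session per host)
    pending = {}     # host -> source path from the last accepted CPFR
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        host, cmd, code = m.group("host"), m.group("cmd"), m.group("code")
        if cmd.upper().startswith("PASS") and code == "230":
            authed.add(host)
            continue
        c = COPY_RE.match(cmd)
        if not c:
            continue
        verb, path = c.group(1).upper(), c.group(2)
        if verb == "CPFR":
            if code == "350":          # server accepted the source path
                pending[host] = path
            else:                      # rejected CPFR cancels any pending copy
                pending.pop(host, None)
        elif host in pending:          # CPTO completing a pair
            events.append({
                "host": host, "ts": m.group("ts"),
                "src": pending.pop(host), "dst": path,
                "succeeded": code == "250",
                "pre_auth": host not in authed,
            })
    return events
```

Events with `pre_auth` set to true are the ones to triage first on servers that still load mod_copy.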

Security Impact Rating: Critical

CVE: CVE-2019-12815

Source: Cisco Multivendor Vulnerability Alerts