ProFTPD mod_copy Arbitrary File Copy Vulnerability
A vulnerability in ProFTPD could allow an unauthenticated, remote attacker to execute arbitrary code or access sensitive information on a targeted system.
The vulnerability exists because the mod_copy function of the affected software performs insufficient checks for and configurations for
its SITE CPFR and CPTO commands. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system. A successful exploit could allow the attacker to execute arbitrary code or access sensitive information.
Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.
ProFTPD has confirmed the vulnerability and released software updates.
Security Impact Rating: Critical