Vulnerability Details CVE-2020-11705
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/ImportCertificate allows an attacker to load an arbitrary certificate in .pfx format or overwrite arbitrary files via the fileName parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/belong2yourself/vulnerabilities/tree/master/ProVide/Web%20Admin%20Interface%20-%20Authenticated%20Arbitrary%20File%20Overwrite
- https://www.provideserver.com/security/
- https://github.com/belong2yourself/vulnerabilities/tree/master/ProVide/Web%20Admin%20Interface%20-%20Authenticated%20Arbitrary%20File%20Overwrite
- https://www.provideserver.com/security/
Products affected by CVE-2020-11705
-
cpe:2.3:a:provideserver:provide_ftp_server:-
-
cpe:2.3:a:provideserver:provide_ftp_server:13.1