Vulnerability Details CVE-2020-11706
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Interface allows CSRF for actions such as: Change any username and password, admin ones included; Create/Delete users; Enable/Disable Services; Set a rogue update proxy; and Shutdown the server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- https://github.com/belong2yourself/vulnerabilities/tree/master/ProVide/Web%20Admin%20Interface%20-%20Cross-Site-Request-Forgery
- https://www.provideserver.com/security/
- https://github.com/belong2yourself/vulnerabilities/tree/master/ProVide/Web%20Admin%20Interface%20-%20Cross-Site-Request-Forgery
- https://www.provideserver.com/security/
Products affected by CVE-2020-11706
-
cpe:2.3:a:provideserver:provide_ftp_server:-
-
cpe:2.3:a:provideserver:provide_ftp_server:13.1