CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-14056

Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 64.6%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2020-14056

Monstaftp » Monsta Ftp » Version: 2.10

cpe:2.3:a:monstaftp:monsta_ftp:2.10
Monstaftp » Monsta Ftp » Version: 2.10.1

cpe:2.3:a:monstaftp:monsta_ftp:2.10.1
Monstaftp » Monsta Ftp » Version: 2.7

cpe:2.3:a:monstaftp:monsta_ftp:2.7
Monstaftp » Monsta Ftp » Version: 2.8

cpe:2.3:a:monstaftp:monsta_ftp:2.8
Monstaftp » Monsta Ftp » Version: 2.8.1

cpe:2.3:a:monstaftp:monsta_ftp:2.8.1
Monstaftp » Monsta Ftp » Version: 2.8.2

cpe:2.3:a:monstaftp:monsta_ftp:2.8.2
Monstaftp » Monsta Ftp » Version: 2.9

cpe:2.3:a:monstaftp:monsta_ftp:2.9
Monstaftp » Monsta Ftp » Version: 2.9.1

cpe:2.3:a:monstaftp:monsta_ftp:2.9.1
Monstaftp » Monsta Ftp » Version: 2.9.2

cpe:2.3:a:monstaftp:monsta_ftp:2.9.2
Monstaftp » Monsta Ftp » Version: 2.9.3

cpe:2.3:a:monstaftp:monsta_ftp:2.9.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-14056

Products

Pricing

Contact Us