VULHUB ™

Authenticated users can gain access to directories outside of the FTP root where Broker FTP has been installed. Submitting a command containing '/../' sequences and a relative path will disclose the requested resource from anywhere on the host's drive. This vulnerability could enable an attacker to gain access to sensitive system information in various files residing on the target machine, and potentially to further compromise the vulnerable system.

Authenticated users can gain access to directories outside of the FTP root where Broker FTP has been installed. Submitting a command containing '/../' sequences and a relative path will disclose the requested resource from anywhere on the host's drive. This vulnerability could enable an attacker to gain access to sensitive system information in various files residing on the target machine, and potentially to further compromise the vulnerable system.