CVE-2016-4971 – GNU Wget < 1.18 - Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2016-4971

21 Jun 2016 — GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. GNU wget en versiones anteriores a 1.18 permite a servidores remotos escribir archivos arbitrarios redirigiendo una petición desde HTTP a una fuente FTP manipulada. It was found that wget used a file name provided by the server for the downloaded file when following a HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expe... • https://packetstorm.news/files/id/162395 • CWE-73: External Control of File Name or Path •