CVE-2007-6233 – ftp Admin 0.1.0 - Local File Inclusion / Cross-Site Scripting / Authentication Bypass
https://notcve.org/view.php?id=CVE-2007-6233
Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
• https://www.exploit-db.com/exploits/4681
• http://secunia.com/advisories/27875
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38779
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2007-6234 – ftp Admin 0.1.0 - Local File Inclusion / Cross-Site Scripting / Authentication Bypass
https://notcve.org/view.php?id=CVE-2007-6234
index.php in FTP Admin 0.1.0 allows remote attackers to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user account.
• https://www.exploit-db.com/exploits/4681
• http://secunia.com/advisories/27875
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38782
• CWE-287: Improper Authentication