CVE-2020-14056
N/A
N/A
Summary
Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.monstaftp.com/notes/
- https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20191203-02_Monsta_FTP_Server-Side_Request_Forgery
References
- https://www.monstaftp.com/notes/
- https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20191203-02_Monsta_FTP_Server-Side_Request_Forgery
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.