CoreFTP Server MDTM Directory Traversal
Posted on 26 August 2019
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal (....) to browse outside the root directory to determine the existence of a file on the operating system, and the last modified date.