proftpd
Page content
- Author: Miklos Vajna
- Vulnerable: 1.3.1-4
- Unaffected: 1.3.1-5solaria1
A vulnerability has been reported in ProFTPD, which can be exploited by malicious people to conduct cross-site request forgery attacks. The vulnerability is caused due to the application truncating an overly long FTP command, and improperly interpreting the remainder string as a new FTP command. This can be exploited to execute arbitrary FTP commands with the privileges of another user by e.g. tricking the user into following a malicious link.
- Bug Tracker URL: http://bugs.frugalware.org/task/3370