CVE-2009-5012

CVE-2009-5012 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session.

Learn more about our Cis Benchmark Audit For Server Software.