CSRF Vulnerability in ProVide User Web Interface Allows Unauthorized Filesystem Access

CVE-2020-11701 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. CSRF exists in the User Web Interface, as demonstrated by granting filesystem access to the public for uploading and deleting files and directories.
