Arbitrary File Read/Write Vulnerability in Monsta FTP 2.10.1 and Below

Arbitrary File Read/Write Vulnerability in Monsta FTP 2.10.1 and Below

CVE-2020-14057 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allowing an attacker to gain remote code execution in common deployments.

Learn more about our External Network Penetration Testing.