What is CVE-2022-22836?

CVE-2022-22836 is a vulnerability in CoreFTP Server that allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request.

How severe is CVE-2022-22836?

CVE-2022-22836 has a severity score of 6.5, which is considered medium.

Which software versions are affected by CVE-2022-22836?

The affected software versions include CoreFTP Server 1.2 and CoreFTP Server 2.0-build_639 to 2.0-build_725.

How can I fix CVE-2022-22836?

To fix CVE-2022-22836, it is recommended to update CoreFTP Server to a version that is not affected by the vulnerability.

Where can I find more information about CVE-2022-22836?

More information about CVE-2022-22836 can be found at the following references: [http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509](http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509) and [https://yoursecuritybores.me/coreftp-vulnerabilities/](https://yoursecuritybores.me/coreftp-vulnerabilities/)

Vulnerability/
CVE-2022-22836

medium

6.5

CWE

8/1/2022

3/8/2024

CVE-2022-22836: Path Traversal

First published: Sat Jan 08 2022(Updated: )

CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Tsolucio Corebos	<=1.2
Tsolucio Corebos	=2.0-build_639
Tsolucio Corebos	=2.0-build_640
Tsolucio Corebos	=2.0-build_641
Tsolucio Corebos	=2.0-build_642
Tsolucio Corebos	=2.0-build_645
Tsolucio Corebos	=2.0-build_647
Tsolucio Corebos	=2.0-build_649
Tsolucio Corebos	=2.0-build_651
Tsolucio Corebos	=2.0-build_653
Tsolucio Corebos	=2.0-build_655
Tsolucio Corebos	=2.0-build_656
Tsolucio Corebos	=2.0-build_657
Tsolucio Corebos	=2.0-build_658
Tsolucio Corebos	=2.0-build_659
Tsolucio Corebos	=2.0-build_665
Tsolucio Corebos	=2.0-build_667
Tsolucio Corebos	=2.0-build_668
Tsolucio Corebos	=2.0-build_671
Tsolucio Corebos	=2.0-build_673
Tsolucio Corebos	=2.0-build_674
Tsolucio Corebos	=2.0-build_676
Tsolucio Corebos	=2.0-build_677
Tsolucio Corebos	=2.0-build_679
Tsolucio Corebos	=2.0-build_682
Tsolucio Corebos	=2.0-build_687
Tsolucio Corebos	=2.0-build_689
Tsolucio Corebos	=2.0-build_691
Tsolucio Corebos	=2.0-build_694
Tsolucio Corebos	=2.0-build_695
Tsolucio Corebos	=2.0-build_697
Tsolucio Corebos	=2.0-build_699
Tsolucio Corebos	=2.0-build_702
Tsolucio Corebos	=2.0-build_704
Tsolucio Corebos	=2.0-build_705
Tsolucio Corebos	=2.0-build_711
Tsolucio Corebos	=2.0-build_713
Tsolucio Corebos	=2.0-build_715
Tsolucio Corebos	=2.0-build_719
Tsolucio Corebos	=2.0-build_725

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-22836?
CVE-2022-22836 is a vulnerability in CoreFTP Server that allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request.
How severe is CVE-2022-22836?
CVE-2022-22836 has a severity score of 6.5, which is considered medium.
Which software versions are affected by CVE-2022-22836?
The affected software versions include CoreFTP Server 1.2 and CoreFTP Server 2.0-build_639 to 2.0-build_725.
How can I fix CVE-2022-22836?
To fix CVE-2022-22836, it is recommended to update CoreFTP Server to a version that is not affected by the vulnerability.
Where can I find more information about CVE-2022-22836?
More information about CVE-2022-22836 can be found at the following references: [http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509](http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509) and [https://yoursecuritybores.me/coreftp-vulnerabilities/](https://yoursecuritybores.me/coreftp-vulnerabilities/)

agent/type
agent/references
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/last-modified-date
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/coreftp
canonical/tsolucio corebos
version/tsolucio corebos/1.2
version/tsolucio corebos/2.0-build_639
version/tsolucio corebos/2.0-build_640
version/tsolucio corebos/2.0-build_641
version/tsolucio corebos/2.0-build_642
version/tsolucio corebos/2.0-build_645
version/tsolucio corebos/2.0-build_647
version/tsolucio corebos/2.0-build_649
version/tsolucio corebos/2.0-build_651
version/tsolucio corebos/2.0-build_653
version/tsolucio corebos/2.0-build_655
version/tsolucio corebos/2.0-build_656
version/tsolucio corebos/2.0-build_657
version/tsolucio corebos/2.0-build_658
version/tsolucio corebos/2.0-build_659
version/tsolucio corebos/2.0-build_665
version/tsolucio corebos/2.0-build_667
version/tsolucio corebos/2.0-build_668
version/tsolucio corebos/2.0-build_671
version/tsolucio corebos/2.0-build_673
version/tsolucio corebos/2.0-build_674
version/tsolucio corebos/2.0-build_676
version/tsolucio corebos/2.0-build_677
version/tsolucio corebos/2.0-build_679
version/tsolucio corebos/2.0-build_682
version/tsolucio corebos/2.0-build_687
version/tsolucio corebos/2.0-build_689
version/tsolucio corebos/2.0-build_691
version/tsolucio corebos/2.0-build_694
version/tsolucio corebos/2.0-build_695
version/tsolucio corebos/2.0-build_697
version/tsolucio corebos/2.0-build_699
version/tsolucio corebos/2.0-build_702
version/tsolucio corebos/2.0-build_704
version/tsolucio corebos/2.0-build_705
version/tsolucio corebos/2.0-build_711
version/tsolucio corebos/2.0-build_713
version/tsolucio corebos/2.0-build_715
version/tsolucio corebos/2.0-build_719
version/tsolucio corebos/2.0-build_725