An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information.
55d5c601f24989f0cd87c1d30f3e4d2e24da10d2ffdf9b41b6aeffd9d3a3e8cc
CoreFTP Server FTP and SFTP Server version 2 build 674 suffer from a directory traversal vulnerability. By utilizing a directory traversal along with the FTP SIZE command, an attacker can browse outside the root directory to determine if a file exists based on return file size by using a ..\..\ technique.
37bbdbe7891d4945d5ffae270f56ee38468766fc65923b032489c8574e7b1953