Unrated severityNVD Advisory· Published Sep 8, 2007· Updated Apr 23, 2026

CVE-2007-4756

Description

Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Affected products

Ghisler/Total Commander
cpe:2.3:a:ghisler:total_commander:*:*:*:*:*:*:*:*
Range: <=7.01

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ghisler.com/whatsnew.htmnvdPatch
www.securityfocus.com/bid/25581nvdExploit
secunia.com/advisories/26734nvdVendor Advisory
blog.hispasec.com/lab/advisories/adv_TotalCommander_7_01_Remote_Traversal.txtnvd
osvdb.org/39838nvd
securityreason.com/securityalert/3106nvd
www.securityfocus.com/archive/1/478720/100/0/threadednvd
www.securitytracker.com/idnvd
www.vupen.com/english/advisories/2007/3102nvd
exchange.xforce.ibmcloud.com/vulnerabilities/36486nvd
exchange.xforce.ibmcloud.com/vulnerabilities/36487nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000