Medium severity5.3NVD Advisory· Published Nov 15, 2017· Updated May 13, 2026

CVE-2017-15270

Description

The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special characters such as '"' and ',' and '\r' are not escaped and can be used to add new entries to the log.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/144972/PSFTPd-Windows-FTP-Server-10.0.4-Build-729-Use-After-Free-Log-Injection.htmlnvdThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/43144/nvdThird Party AdvisoryVDB Entry
www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd/nvdThird Party Advisory
www.securityfocus.com/archive/1/541518/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.011
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000