Medium severity5.3GHSA Advisory· Published Mar 22, 2019· Updated Jun 17, 2026
CVE-2019-9648
CVE-2019-9648
Description
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
CoreFtpNuGet | <= 2.0 | — |
Affected products
2Patches
Vulnerability mechanics
References
9- seclists.org/fulldisclosure/2019/Mar/23nvdExploitMailing ListThird Party AdvisoryWEB
- www.exploit-db.com/exploits/46535nvdExploitThird Party AdvisoryVDB EntryWEB
- www.coreftp.com/forums/viewtopic.phpnvdProductVendor AdvisoryWEB
- www.securityfocus.com/bid/107446nvdThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-w393-h95m-f879ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-9648ghsaADVISORY
- packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.htmlnvdWEB
- seclists.org/fulldisclosure/2019/Aug/21nvdWEB
- web.archive.org/web/20210125013812/https://www.securityfocus.com/bid/107446ghsaWEB
News mentions
0No linked articles in our index yet.