Total Commander FTP Client Traversal Arbitrary File Overwrite
High Nessus Plugin ID 40927
Synopsis
The remote host contains an application that is affected by an arbitrary file overwrite issue.
Description
The version of Total Commander installed on the remote host fails to sanitize directory traversal sequences in filenames when downloading files via FTP.
If an attacker can trick a user on the affected system into visiting a malicious FTP server, the attacker can leverage this issue to write to arbitrary files, subject to that user's privileges.
Solution
Upgrade to Total Commander 7.02 or later.
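
The missing check from the description, as an added example (not Total Commander's code and not part of the plugin): an FTP client treats every filename in a server listing as untrusted and accepts it only as a single path component inside the download directory. The names `safe_local_path`, `triage` and `SAMPLE_LISTING` are hypothetical, and the listing is constructed.

```python
import ntpath
import os


class UnsafeRemoteName(ValueError):
    """A server-supplied filename that would escape the download directory."""


def safe_local_path(download_dir, remote_name):
    """Map one FTP listing entry to a path inside download_dir, or raise."""
    if not remote_name or "\x00" in remote_name:
        raise UnsafeRemoteName(repr(remote_name))
    # Treat both separators as separators: a Windows client resolves
    # "..\\" exactly like "../", whatever platform the server runs on.
    normalized = remote_name.replace("\\", "/")
    if "/" in normalized or normalized in (".", ".."):
        raise UnsafeRemoteName(repr(remote_name))
    # Drive-qualified names such as "C:evil.txt" contain no separator at all.
    if ntpath.splitdrive(remote_name)[0]:
        raise UnsafeRemoteName(repr(remote_name))
    root = os.path.realpath(download_dir)
    target = os.path.realpath(os.path.join(root, remote_name))
    # Defence in depth: after resolving symlinks the target must still
    # sit under the download directory.
    if os.path.commonpath([root, target]) != root:
        raise UnsafeRemoteName(repr(remote_name))
    return target


# Constructed sample listing, mixing plain names with traversal attempts.
SAMPLE_LISTING = ["report.txt", "../../autoexec.bat", "..\\..\\boot.ini",
                  "/etc/passwd", "C:evil.txt", "..", "notes..txt"]


def triage(download_dir, names):
    """Split listing entries into safe local paths and rejected names."""
    accepted, rejected = [], []
    for name in names:
        try:
            accepted.append(safe_local_path(download_dir, name))
        except UnsafeRemoteName:
            rejected.append(name)
    return accepted, rejected
```

Rejected names are worth logging together with the server address, since a listing that contains traversal sequences is a strong signal that the server is hostile.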