XLight FTP Server 3.x SFTP Directory Traversal
Medium Nessus Plugin ID 47680
Synopsis
The remote SFTP service is affected by a directory traversal vulnerability.
Description
According to its SSH banner, the version of XLight FTP Server listening on the remote host is potentially affected by a directory traversal vulnerability in its SFTP service. A remote, authenticated attacker, exploiting this flaw, can read and modify arbitrary files on the remote host.
Note that this vulnerability only affects XLight FTP Server 3.x, as the SFTP service was first introduced in version 3.0.
Solution
Upgrade to XLight FTP Server 3.6 or later.