Path traversal in Serv-U File Server by SolarWinds | The Missing Link

Discovered by Jack Misiura on behalf of The Missing Link Security

Vulnerability Details

SolarWinds Serv-U FTP server through 15.2.1 does not correctly validate path information, allowing the disclosure of files and directories outside of the user's home directory via a specially crafted GET request.

Successful exploitation of this issue may allow an attacker to discover available files and directories present on the web server.
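The class of check that prevents this kind of disclosure, as an added example (not SolarWinds code and not taken from the advisory): a request path is decoded, normalised and confirmed to stay inside the user's home directory before any file is touched. The function names, the home directory /srv/ftp/alice and the sample request paths are constructed for illustration; the check is lexical only, and a real server would also need to resolve symbolic links.

```python
import posixpath
from urllib.parse import unquote


class PathEscapeError(ValueError):
    """The requested path is malformed or resolves outside the home directory."""


def resolve_in_home(home: str, requested: str) -> str:
    """Map a request path onto `home`; raise PathEscapeError if it escapes."""
    decoded = unquote(requested)        # the single decode an HTTP layer performs
    if unquote(decoded) != decoded:     # still encoded after one pass: refuse
        raise PathEscapeError("nested percent-encoding")
    if "\x00" in decoded or ":" in decoded:
        raise PathEscapeError("NUL byte or drive/stream separator")
    # Treat both separators alike so a backslash form is handled like "../".
    unified = decoded.replace("\\", "/").lstrip("/")
    home_norm = posixpath.normpath(home)
    candidate = posixpath.normpath(posixpath.join(home_norm, unified))
    # Compare on a component boundary: /srv/ftp/alice2 must not pass for
    # /srv/ftp/alice, which a bare startswith(home) would allow.
    if candidate != home_norm and not candidate.startswith(home_norm + "/"):
        raise PathEscapeError("path leaves the home directory")
    return candidate


def is_allowed(home: str, requested: str) -> bool:
    """True when the request stays inside the home directory."""
    try:
        resolve_in_home(home, requested)
        return True
    except PathEscapeError:
        return False


# Constructed request paths (hypothetical, not from the advisory).
SAMPLES = [
    "docs/report.txt",
    "docs/../notes.txt",
    "../bob/secret.txt",
    "%2e%2e%2fbob/secret.txt",
    "%252e%252e%252fetc/passwd",
    "..\\..\\Windows\\win.ini",
    "/../alice2/file",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:35} allowed={is_allowed('/srv/ftp/alice', sample)}")
```

Only the first two sample paths are accepted; the rest are rejected before any filesystem access.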

Affected Versions

Discovered in: 15.2.1

Fixed Versions

Fixed in: 15.2.2
