Vulnerabilities > CVE-2020-14056 - Server-Side Request Forgery (SSRF) vulnerability in Monstaftp Monsta FTP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 10 |
Common Weakness Enumeration (CWE)
References
- https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20191203-02_Monsta_FTP_Server-Side_Request_Forgery
- https://www.monstaftp.com/notes/
- https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20191203-02_Monsta_FTP_Server-Side_Request_Forgery
- https://www.monstaftp.com/notes/