An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 (sub-issue 1). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSouthrivertech Titan Ftp Server Nextgen
APPSouthrivertech< 1.2.1050
Powiązane podatności
An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privile...
An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to...
An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Microsoft SQL Ex...
Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SF...
Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan S...