CVE-2023-45685

CVE-2023-45685: Arbitrary file write via "zip slip" in Titan MFT and Titan SFTP servers

Vendor South River Technologies
Product Titan MFT
Weakness CWE-22 · Path traversal
Published October 16, 2023
Last update September 16, 2024

CVSS base score

What the vulnerability does

01Description

Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal

Key dates

02Disclosure timeline

October 16, 2023 CVE published
September 16, 2024 Record updated