CVE-2008-5275

N/A Unknown
Published: November 28, 2008 Modified: April 23, 2026
View on NVD

Description

Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://secunia.com/advisories/30611
Source: cve@mitre.org
Vendor Advisory
http://vuln.sg/net2ftp096-en.html
Source: cve@mitre.org
http://www.securityfocus.com/bid/29664
Source: cve@mitre.org
https://exchange.xforce.ibmcloud.com/vulnerabilities/42994
Source: cve@mitre.org
http://secunia.com/advisories/30611
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://vuln.sg/net2ftp096-en.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/29664
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/42994
Source: af854a3a-2127-422b-91ae-364da2661108

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.4%
63th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-22

Affected Vendors

net2ftp

Related CVEs

CVE-2026-41044 N/A
CVE-2026-41043 N/A
CVE-2026-40466 N/A
CVE-2025-62233 N/A
CVE-2026-6272 N/A