ProVide FTP Server for Windows

According to its website, ProVide a high performance MFT (managed file transfer) server for Windows (32-bit and 64-bit) with superb remote administration that fully integrates all relevant file transfer protocols; FTP, FTPS, SFTP, TFTP and HTTPS (secure web access).

During an independent assessment of version 13.1 of ProVide FTP Server for Windows, multiple vulnerabilities were found to affect this product.

Table of contents

• CVE-2020-11701 - CSRF in Web User Interface
• CVE-2020-11702 - Multiple XSS in Web User Interface
• CVE-2020-11703 - HTTP Response Splitting
• CVE-2020-11704 - Multiple XSS in Web Admin Interface
• CVE-2020-11705 - Path Traversal
• CVE-2020-11706 - CSRF in Admin Interface
• CVE-2020-11707 - Jail Escape (Privilege Escalation) via Symlink
• CVE-2020-11708 - Privilege Escalation via EXECUTE()
• LPE via Unquoted-Service-Path