Ghisler : Security Vulnerabilities, CVEs, CVSS score >= 6
An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary.
Max CVSS
7.3
EPSS Score
0.05%
Published
2020-10-21
Updated
2023-03-15
Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Max CVSS
6.8
EPSS Score
0.88%
Published
2007-09-08
Updated
2018-10-15
2 vulnerabilities found