Incomplete blacklist vulnerability in NULL FTP Server Free and Pro 1.1.0.7 allows remote authenticated users to execute arbitrary commands via a custom SITE command containing shell metacharacters such as "&" (ampersand) in the middle of an argument.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vwsolutions | null_ftp | 1.1.0.7 |