CyberSec.Space Logo
Back to CVE Browser

CVE-2017-6803

HIGH
8.8
CVSS Severity Score
EPSS Score0.1840%
EPSS Percentile0.30th
PublishedMar 20, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml.

Affected Platforms (CPE)

πŸ“¦
Solarwinds

Ftp Voyager

= 16.2.0

References & Advisories

πŸ”— http://hyp3rlinx.altervista.org/advisories/FTP-VOYAGER-SCHEDULER-CSRF-REMOTE-CMD-EXECUTION.txt
πŸ”— http://packetstormsecurity.com/files/141567/FTP-Voyager-Scheduler-16.2.0-CSRF-Denial-Of-Service.html
πŸ”— http://www.securityfocus.com/bid/96814
πŸ”— https://www.exploit-db.com/exploits/41574/
πŸ”— http://hyp3rlinx.altervista.org/advisories/FTP-VOYAGER-SCHEDULER-CSRF-REMOTE-CMD-EXECUTION.txt
πŸ”— http://packetstormsecurity.com/files/141567/FTP-Voyager-Scheduler-16.2.0-CSRF-Denial-Of-Service.html
πŸ”— http://www.securityfocus.com/bid/96814
πŸ”— https://www.exploit-db.com/exploits/41574/

Related Vulnerabilities

CVE-2010-41549.3

Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager 15.2.0.11, and possibly earlier, allows remote FTP servers t...

CVE-2007-10797.8

Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0.3 and earlier allows remote servers to cause a denial of se...

CVE-2001-11037.5

FTP Voyager ActiveX control before 8.0, when it is marked as safe for scripting (the default) or if allowed by the IObjectSafety i...

CVE-2018-252526.2

FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting ov...