ArGoSoft FTP Server .lnk Shortcut Upload Arbitrary File Manipulation
Remote / Network Access
Loss of Confidentiality,
Loss of Integrity
ArGoSoft FTP Server contains a flaw that may allow a malicious user to upload .lnk shortcut files. The issue is due to an unknown error in the product. It is possible that the flaw may allow the malicious user to use the uploaded .lnk shortcut files to access arbitrary files and directories outside of the FTP base path resulting in a loss of confidentiality or integrity.
Upgrade to version 18.104.22.168 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.