[原文]Directory traversal vulnerability in Pablo Software Solutions Quick 'n Easy FTP Server 1.77, and possibly earlier versions, allows remote authenticated users to determine the existence of arbitrary files via a .. (dot dot) in the DEL command, which triggers different error messages depending on whether the file exists or not.
Quick 'n Easy FTP Server DEL Command Traversal Arbitrary File Disclosure
Pablo Software's Quick 'n Easy FTP Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the "del" command is used and will disclose the presence of a file and possibly list the files in the directory, resulting in a loss of confidentiality.
Upgrade to version 1.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.