Golden FTP Server Pro LS Command Traversal Information Disclosure
Remote / Network Access
Loss of Confidentiality
Golden FTP Server Pro contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to an input validation error in the handling of the LS command. By changing directory to a share and then passing "\.." as an argument to the LS command, it will disclose the contents of the application directory (e.g. containing files with names of valid users) resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.