CVE-2022-22836: 
CoreFTP Server vulnerability analysis and mitigation

CoreFTP Server before version 727 contains a directory traversal vulnerability (CVE-2022-22836) that was discovered in January 2022. The vulnerability affects authenticated users who can exploit it through HTTP PUT requests containing '../' sequences (NVD, CVE).

The vulnerability is classified as an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) issue, identified as CWE-22. It has a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N, indicating network accessibility, low attack complexity, required low privileges, no user interaction, unchanged scope, no impact on confidentiality, high impact on integrity, and no impact on availability (NVD).

The vulnerability allows authenticated attackers to create files in unauthorized directories through directory traversal, potentially leading to security breaches by writing files outside of intended directories (NVD).

The vulnerability was fixed in CoreFTP Server version 727, released on January 6, 2022. Users are advised to upgrade to this version or later to address the security issue (Vendor Advisory).