Arbitrary File Overwrite Vulnerability in WinSCP's SCP Implementation
CVE-2018-20684 · MEDIUM Severity
AV:N/AC:L/AU:N/C:N/I:P/A:P
In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp.
Learn more about our Cis Benchmark Audit For Server Software.