This page aggregates CVE and security vulnerability information across monstaftp-related products, listing CVSS, EPSS, publication dates, and vulnerability data.
Common weakness patterns include SSRF and cross-site scripting, which can lead to risks such as session compromise in production workloads and software deployments.
The listed data is based on public vulnerability information and security advisories, and can be used to assess historical exposure and remediation priority.

| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-34299 | Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious (S)FTP server. | [email protected] | 9.3 | 74.11% | 2025-11-07 | 2025-12-10 |
| CVE-2022-31827 | MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php. | [email protected] | 9.1 | 0.45% | 2022-06-09 | 2024-11-21 |
| CVE-2022-27469 | Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF). | [email protected] | 9.8 | 0.30% | 2022-04-26 | 2024-11-21 |
| CVE-2022-27468 | Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitrary code via a crafted file uploaded to the web server. | [email protected] | 9.8 | 1.28% | 2022-04-26 | 2024-11-21 |
| CVE-2020-14057 | Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allowing an attacker to gain remote code execution in common deployments. | [email protected] | 9.8 | 3.07% | 2020-07-01 | 2024-11-21 |
| CVE-2020-14056 | Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services. | [email protected] | 9.8 | 0.49% | 2020-07-01 | 2024-11-21 |
| CVE-2020-14055 | Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting vulnerability in the language setting due to insufficient output encoding. | [email protected] | 6.1 | 0.36% | 2020-07-01 | 2024-11-21 |