Improper input validation in Drakkan Sftpgo

CVE-2024-52309

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in r…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (23.9th percentile) — read the EPSS interpretation.

Affected products

Drakkan Sftpgo — versions >= 2.4.0, < 2.6.3

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

https://github.com/drakkan/sftpgo/security/advisories/GHSA-49cc-xrjf-9qf7 (x_refsource_CONFIRM)
https://github.com/drakkan/sftpgo/commit/88b1850b5806eee81150873d4e565144b21021fb (x_refsource_MISC)
https://github.com/drakkan/sftpgo/commit/b524da11e9466d05fe03304713ee1c61bb276ec4 (x_refsource_MISC)