Vulnerability resides in the mod_copy module of the ProFTPD application, a component that allows users to copy files/directories from one place to another on a server without having to transfer the data to the client and back. The vulnerability, assigned as CVE-2019-12815, affects all versions of ProFTPd, including the latest 1.3.6 version which was released in 2017. To successfully achieve remote code execution on a targeted server, an attacker needs to copy a malicious PHP file to a location where it can be executed.
Source: https://thehackernews.com/2019/07/linux-ftp-server-security.html