CVE-2001-0263

Gene6 G6 FTP Server <2.0 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0263. PoCs published by Rob Beck.

AI-analyzed exploit summary This exploit leverages an information disclosure vulnerability in G6 FTP Server by sending 'SIZE' commands to probe for system files outside the FTP root directory. It confirms the existence and location of files such as 'regedit.exe' and IIS-related files, revealing directory structure information.

Description

Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to read file attributes outside of the web root via the (1) SIZE and (2) MDTM commands when the "show relative paths" option is not enabled.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Rob Beck · perlremotewindows
https://www.exploit-db.com/exploits/20726

This exploit leverages an information disclosure vulnerability in G6 FTP Server by sending 'SIZE' commands to probe for system files outside the FTP root directory. It confirms the existence and location of files such as 'regedit.exe' and IIS-related files, revealing directory structure information.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: G6 FTP Server
Auth required
Prerequisites: FTP server access with valid credentials · G6 FTP Server with the vulnerability present
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6330
Various Sources vendor-advisory x_refsource_atstake
http://www.atstake.com/research/advisories/2001/a040301-1.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2537

Scores

EPSS 0.0242
EPSS Percentile 82.1%

Details

Status published
Products (1)
gene6/g6_ftp_server 2.0
Published Jun 18, 2001
Tracked Since Feb 18, 2026