CVE-2004-2532

Serv-U FTP <5.1.0.0 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2532. PoCs published by AndrÃ©s Acunha.

AI-analyzed exploit summary This exploit leverages default local admin credentials in Serv-U FTP Server to create a new domain and user, then executes arbitrary commands via the 'SITE EXEC' command with SYSTEM privileges.

Description

Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by AndrÃ©s Acunha · clocalwindows

https://www.exploit-db.com/exploits/381

View Code ZIP pw:eip

This exploit leverages default local admin credentials in Serv-U FTP Server to create a new domain and user, then executes arbitrary commands via the 'SITE EXEC' command with SYSTEM privileges.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Serv-U FTP Server >3.x (tested up to 5.1.0.0)

Auth required

Prerequisites: Local access to the target system · Serv-U FTP Server installed with default local admin credentials

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1078 - Valid Accounts T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/10886

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/16925

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/8877

Exploit mailing-list x_refsource_fulldisc

http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0216.html

Scores

EPSS 0.1566

EPSS Percentile 96.4%

Details

CWE

CWE-255

Status published

Products (12)

solarwinds/serv-u_file_server 3.0.0.16

solarwinds/serv-u_file_server 3.0.0.17

solarwinds/serv-u_file_server 3.1.0.0

solarwinds/serv-u_file_server 3.1.0.1

solarwinds/serv-u_file_server 3.1.0.3

solarwinds/serv-u_file_server 4.0.0.4

solarwinds/serv-u_file_server 4.1.0.0

solarwinds/serv-u_file_server 4.1.0.3

solarwinds/serv-u_file_server 5.0.0.0

solarwinds/serv-u_file_server 5.0.0.4

... and 2 more

Published Dec 31, 2004

Tracked Since Feb 18, 2026