CVE-2006-3015
WinSCP 3.8.1 - Argument Injection via Encoded Spaces in SCP/SFTP URI
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-3015. PoCs published by Jelmer Kuperus.
AI-analyzed exploit summary The exploit leverages a URL handler vulnerability in WinSCP to execute arbitrary SCP commands, allowing file uploads/downloads via crafted SCP URLs with embedded commands.
Description
Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Jelmer Kuperus · textremotewindows
https://www.exploit-db.com/exploits/28007
The exploit leverages a URL handler vulnerability in WinSCP to execute arbitrary SCP commands, allowing file uploads/downloads via crafted SCP URLs with embedded commands.
Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:
WinSCP 3.8.1 and earlier
No auth needed
Prerequisites:
Victim must click on a malicious SCP URL
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27075
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2289
Release Notes x_refsource_confirm
http://winscp.net/eng/docs/history#3.8.2
Broken Link, Exploit mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.html
Broken Link mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.html
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20575
Broken Link, Exploit, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/18384
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/912588
Scores
EPSS
0.0634
EPSS Percentile
92.8%
Details
CWE
CWE-88
Status
published
Products (1)
winscp/winscp
3.8.1
Published
Jun 14, 2006
Tracked Since
Feb 18, 2026