CVE-2006-3015

WinSCP 3.8.1 - Command Injection

Title source: llm

Description

Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jelmer Kuperus · textremotewindows

https://www.exploit-db.com/exploits/28007

View Code ZIP pw:eip

References (8)

[Broken Link] http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.html

[Broken Link, Exploit] http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.html

[Broken Link, Vendor Advisory] http://secunia.com/advisories/20575

[Release Notes] http://winscp.net/eng/docs/history#3.8.2

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/912588

[Broken Link, Exploit, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/18384

[Broken Link] http://www.vupen.com/english/advisories/2006/2289

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/27075

Scores

EPSS 0.1757

EPSS Percentile 95.0%

Classification

CWE

CWE-88

Status draft

Affected Products (1)

winscp/winscp

Timeline

Published Jun 14, 2006

Tracked Since Feb 18, 2026