CVE-2008-6534

NULL FTP Server Free and Pro 1.1.0.7 - Authenticated Command Injection via SITE Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6534. PoCs published by Tan Chew Keong.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in NULL FTP Server 1.1.0.7 via the SITE command. By manipulating parameters passed to custom SITE commands, an authenticated attacker can execute arbitrary shell commands on the server.

Description

Incomplete blacklist vulnerability in NULL FTP Server Free and Pro 1.1.0.7 allows remote authenticated users to execute arbitrary commands via a custom SITE command containing shell metacharacters such as "&" (ampersand) in the middle of an argument.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Tan Chew Keong · textremotewindows

https://www.exploit-db.com/exploits/7355

View Code ZIP pw:eip

This exploit demonstrates a command injection vulnerability in NULL FTP Server 1.1.0.7 via the SITE command. By manipulating parameters passed to custom SITE commands, an authenticated attacker can execute arbitrary shell commands on the server.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: NULL FTP Server Free/Pro Version 1.1.0.7

Auth required

Prerequisites: FTP SITE commands enabled · SITE commands configured to accept parameters · Authenticated user with write access

devstral-2 · analyzed Feb 16, 2026 Full analysis →