Description
Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary directories via directory traversal sequences in a file upload request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by zhangmc · pythonremotewindows
https://www.exploit-db.com/exploits/10162
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/54303
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37381
Scores
CVSS v3
6.5
EPSS
0.0426
EPSS Percentile
88.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
home_ftp_server_project/home_ftp_server
1.10.1.139
Published
Nov 23, 2009
Tracked Since
Feb 18, 2026