CVE-2009-4053

MEDIUM

Home FTP Server 1.10.1.139 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4053. PoCs published by zhangmc.

AI-analyzed exploit summary: This exploit targets an FTP server vulnerability (CVE-2009-4053) by sending a malicious MKD command to create a directory with a traversal payload. It requires authentication and may lead to directory traversal or DoS.

Description

Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary directories via directory traversal sequences in a file upload request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED
by zhangmc · python · remote · windows
https://www.exploit-db.com/exploits/10162

Classification: Working PoC, 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: FTP server (unspecified version)
Auth required
Prerequisites: Network access to FTP server · Valid FTP credentials
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37381

Scores

CVSS v3 6.5
EPSS 0.0354
EPSS Percentile 87.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
home_ftp_server_project/home_ftp_server 1.10.1.139
Published Nov 23, 2009
Tracked Since Feb 18, 2026