CVE-2009-4790

Sysax Multi Server 4.5 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4790.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Sysax Multi Server v4.3 via malformed FTP DELE requests, allowing arbitrary file deletion. It authenticates with the server and sends a crafted DELE command with '..//' sequences to escape the FTP root.

Description

Multiple directory traversal vulnerabilities in Sysax Multi Server 4.5 allow remote authenticated users to read or modify arbitrary files via crafted FTP commands. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC

cremotewindows

https://www.exploit-db.com/exploits/8256

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in Sysax Multi Server v4.3 via malformed FTP DELE requests, allowing arbitrary file deletion. It authenticates with the server and sends a crafted DELE command with '..//' sequences to escape the FTP root.

Classification

Working Poc 100%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Sysax Multi Server v4.3

Auth required

Prerequisites: FTP server access · Valid credentials

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34433

Scores

EPSS 0.0108

EPSS Percentile 78.3%

Details

CWE

CWE-22

Status published

Products (1)

sysax/multi_server 4.5

Published Apr 22, 2010

Tracked Since Feb 18, 2026