CVE-2009-4809

Easy File Sharing Web Server 4.8 - Path Traversal via vfolder Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4809. PoCs published by Stack.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Easy File Sharing Web Server 4.8, allowing unauthorized access to files outside the web root via crafted HTTP requests. The PoC specifically targets 'boot.ini' but can be adapted for other files.

Description

Directory traversal vulnerability in thumbnail.ghp in Easy File Sharing (EFS) Web Server 4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the vfolder parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Stack · textremotewindows

https://www.exploit-db.com/exploits/8155

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in Easy File Sharing Web Server 4.8, allowing unauthorized access to files outside the web root via crafted HTTP requests. The PoC specifically targets 'boot.ini' but can be adapted for other files.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Easy File Sharing Web Server 4.8

No auth needed

Prerequisites: network access to the target server

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/8155

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/33973

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34121

Scores

EPSS 0.0276

EPSS Percentile 84.3%

Details

CWE

CWE-22

Status published

Products (1)

sharing-file/easy_file_sharing_web_server 4.8

Published Apr 23, 2010

Tracked Since Feb 18, 2026