CVE-2010-10011

MEDIUM

Acritum Femitter Server 1.04 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-10011. PoCs published by chr1x.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Acritum Femitter HTTP-FTP Server, allowing unauthorized access to files outside the intended directory via crafted FTP requests. The PoC uses the DotDotPwn tool to fuzz and retrieve the 'boot.ini' file from the system root.

Description

A vulnerability, which was classified as problematic, was found in Acritum Femitter Server 1.04. Affected is an unknown function. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250446 is the identifier assigned to this vulnerability.

Exploits (1)

exploitdb WORKING POC VERIFIED
by chr1x · textremotewindows
https://www.exploit-db.com/exploits/15445

This exploit demonstrates a directory traversal vulnerability in Acritum Femitter HTTP-FTP Server, allowing unauthorized access to files outside the intended directory via crafted FTP requests. The PoC uses the DotDotPwn tool to fuzz and retrieve the 'boot.ini' file from the system root.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Acritum Femitter HTTP-FTP Server (version unspecified)
No auth needed
Prerequisites: Network access to the FTP server · FTP service running on port 21
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory vdb-entry
https://vuldb.com/?id.250446
Permissions Required, Third Party Advisory signature permissions-required
https://vuldb.com/?ctiid.250446
Exploit, Third Party Advisory, VDB Entry exploit
https://www.exploit-db.com/exploits/15445

Scores

CVSS v3 4.3
EPSS 0.0130
EPSS Percentile 66.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (1)
acritum/femitter_server 1.04
Published Jan 12, 2024
Tracked Since Feb 18, 2026