CVE-2010-20103
CRITICAL · EXPLOITED · NUCLEI
ProFTPD <1.3.3c - RCE
Title source: llm
Description
A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby · remote · linux
https://www.exploit-db.com/exploits/16921
metasploit
WORKING POC
EXCELLENT
by MC, darkharper2 · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ftp/proftpd_133c_backdoor.rb
Nuclei Templates (1)
ProFTPd-1.3.3c - Backdoor Command Execution
CRITICAL · by pussycat0x
Shodan:
product:"ProFTPD"
References (8)
Scores
CVSS v3
9.8
EPSS
0.8508
EPSS Percentile
99.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2025-08-20
CWE
CWE-912
Status
published
Products (2)
proftpd/proftpd
1.3.3 c
ProFTPD Project/ProFTPD (Professional FTP Daemon)
1.3.3c
Published
Aug 20, 2025
Tracked Since
Feb 18, 2026