CVE-2010-20113

CRITICAL

EasyFTP Server < 1.7.0.12 - Unauthenticated Stack-based Buffer Overflow via list.html Path Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-20113. PoCs published by ThE g0bL!N, including Metasploit module exploits/windows/http/easyftp_list.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Easy~Ftp Server v1.7.0.2 via a maliciously crafted HTTP GET request. It uses an egghunter and shellcode to achieve remote code execution (RCE), specifically launching calc.exe.

Description

EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails to properly validate the length of the path parameter. Supplying an excessively long value causes a buffer overflow on the stack, potentially corrupting control flow structures. The vulnerability is exposed through the embedded web server and does not require authentication due to default anonymous access. The issue was resolved in version 1.7.0.12, after which the product was renamed to UplusFtp.

Exploits (2)

exploitdb WORKING POC VERIFIED

by ThE g0bL!N · pythonremotewindows

https://www.exploit-db.com/exploits/11500

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Easy~Ftp Server v1.7.0.2 via a maliciously crafted HTTP GET request. It uses an egghunter and shellcode to achieve remote code execution (RCE), specifically launching calc.exe.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Easy~Ftp Server v1.7.0.2

Auth required

Prerequisites: Network access to the target server · Valid credentials for authentication

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC GREAT

by ThE g0bL!N · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/easyftp_list.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11 and earlier via an HTTP GET request with a maliciously crafted 'path' parameter. It leverages a JMP ESP instruction in shell32.dll to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: EasyFTP Server <= 1.7.0.11

No auth needed

Prerequisites: Network access to the target server · EasyFTP Server running with default or anonymous credentials

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/easyftp_list.rb

Exploit, VDB Entry exploit

https://www.exploit-db.com/exploits/11500

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/easyftp-server-list-html-stack-buffer-overflow

Scores

CVSS v3 9.8

EPSS 0.6271

EPSS Percentile 98.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-121

Status published

Products (2)

easyftp_server_project/easyftp_server < 1.7.0.12

KMiNT21 Software/EasyFTP Server < 1.7.0.11

Published Aug 21, 2025

Tracked Since Feb 18, 2026