CVE-2011-10010

CRITICAL

QuickShare File Server 1.2.1 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2011-10010. PoCs published by Metasploit, modpr0be, modpr0be, sinn3r, including Metasploit module exploits/windows/ftp/quickshare_traversal_write.

AI-analyzed exploit summary This Metasploit module exploits a directory traversal vulnerability in QuickShare File Share 1.2.1's FTP service to achieve remote code execution by uploading a malicious executable and a MOF file to arbitrary locations.

Description

QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the "Writable" option is enabled (default during account creation), this allows attackers to upload arbitrary files to privileged locations such as system32, enabling remote code execution via MOF injection or executable placement.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/18933

This Metasploit module exploits a directory traversal vulnerability in QuickShare File Share 1.2.1's FTP service to achieve remote code execution by uploading a malicious executable and a MOF file to arbitrary locations.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: QuickShare File Share 1.2.1
Auth required
Prerequisites: FTP credentials · Network access to the target · Writable directory enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by modpr0be · pythonremotewindows
https://www.exploit-db.com/exploits/16105

This exploit demonstrates a directory traversal vulnerability in QuickShare File Share 1.2.1, allowing unauthorized access to files outside the intended directory. The PoC shows an authenticated FTP session retrieving the boot.ini file from a Windows system.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: QuickShare File Share 1.2.1
Auth required
Prerequisites: FTP access to the target server · Valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by modpr0be, sinn3r · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/quickshare_traversal_write.rb

This Metasploit module exploits a directory traversal vulnerability in QuickShare File Server 1.2.1's FTP service to upload a malicious executable and a MOF file, achieving remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: QuickShare File Server 1.2.1
Auth required
Prerequisites: FTP credentials · Network access to the target · Writable directory enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Scores

CVSS v4 9.4
EPSS 0.0149
EPSS Percentile 70.6%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-22
Status published
Products (1)
QuickShareHQ/QuickShare File Server < 1.2.2
Published Aug 13, 2025
Tracked Since Feb 18, 2026