CVE-2011-10010
CRITICALQuickShare File Server 1.2.1 - Path Traversal
Title source: llmDescription
QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the "Writable" option is enabled (default during account creation), this allows attackers to upload arbitrary files to privileged locations such as system32, enabling remote code execution via MOF injection or executable placement.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/18933
exploitdb
WORKING POC
VERIFIED
by modpr0be · pythonremotewindows
https://www.exploit-db.com/exploits/16105
metasploit
WORKING POC
EXCELLENT
by modpr0be, sinn3r · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/quickshare_traversal_write.rb
References (6)
Scores
CVSS v4
9.4
EPSS
0.5394
EPSS Percentile
98.0%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (1)
QuickShareHQ/QuickShare File Server
< 1.2.2
Published
Aug 13, 2025
Tracked Since
Feb 18, 2026