CVE-2015-7601

PCMan's FTP Server <2.0.7 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-7601. PoCs published by Jay Turla, Jay Turla, James Fitts, including Metasploit module auxiliary/scanner/ftp/pcman_ftp_traversal.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in PCMan FTP Server v2.0.7, allowing an attacker to read arbitrary files (e.g., boot.ini) by traversing directories using '..//' sequences. The PoC connects to the FTP server, retrieves the file, and prints its contents.

Description

Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command.

Exploits (2)

exploitdb WORKING POC
by Jay Turla · pythonremotewindows
https://www.exploit-db.com/exploits/38340

This exploit demonstrates a directory traversal vulnerability in PCMan FTP Server v2.0.7, allowing an attacker to read arbitrary files (e.g., boot.ini) by traversing directories using '..//' sequences. The PoC connects to the FTP server, retrieves the file, and prints its contents.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: PCMan FTP Server v2.0.7
No auth needed
Prerequisites: Network access to the FTP server · FTP server running PCMan FTP Server v2.0.7
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
by Jay Turla, James Fitts · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ftp/pcman_ftp_traversal.rb

This Metasploit module exploits a directory traversal vulnerability in PCMan FTP Server 2.0.7, allowing an attacker to download arbitrary files from the server by crafting a RETR command with traversal strings.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: PCMan FTP Server 2.0.7
No auth needed
Prerequisites: Network access to the FTP server · FTP server running PCMan FTP Server 2.0.7
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/38340/

Scores

EPSS 0.5833
EPSS Percentile 99.0%

Details

CWE
CWE-22
Status published
Products (1)
pcman\'s_ftp_server_project/pcman\'s_ftp_server 2.0.7
Published Sep 29, 2015
Tracked Since Feb 18, 2026