CVE-2015-7603

Konica Minolta FTP Utility 1.0 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-7603. PoCs published by shinnai, Jay Turla, James Fitts, including Metasploit module auxiliary/scanner/ftp/konica_ftp_traversal.

AI-analyzed exploit summary This PHP script demonstrates a directory traversal vulnerability in Konica Minolta FTP Utility by attempting to read the 'boot.ini' file via FTP using a maliciously crafted path. It connects anonymously and retrieves the file if the vulnerability exists.

Description

Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command.

Exploits (2)

exploitdb WORKING POC

by shinnai · phpremotewindows

https://www.exploit-db.com/exploits/38260

View Code ZIP pw:eip

This PHP script demonstrates a directory traversal vulnerability in Konica Minolta FTP Utility by attempting to read the 'boot.ini' file via FTP using a maliciously crafted path. It connects anonymously and retrieves the file if the vulnerability exists.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Konica Minolta FTP Utility 1.0

No auth needed

Prerequisites: FTP service running on target · Anonymous FTP access enabled

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC

by Jay Turla, James Fitts · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ftp/konica_ftp_traversal.rb

View Code ZIP pw:eip

This Metasploit module exploits a directory traversal vulnerability in Konica Minolta FTP Utility 1.00, allowing arbitrary file download via crafted RETR commands with '..//' sequences. It connects anonymously, retrieves the specified file, and stores it as loot.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Konica Minolta FTP Utility 1.00

No auth needed

Prerequisites: Network access to the vulnerable FTP server · FTP Utility 1.00 running on the target

MITRE ATT&CK

T1006 - Direct Volume Access T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit x_refsource_misc

http://shinnai.altervista.org/exploits/SH-0024-20150922.html

Exploit exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/38260/

Scores

EPSS 0.7277

EPSS Percentile 98.8%

Details

CWE

CWE-22

Status published

Products (1)

konicaminolta/ftp_utility 1.0

Published Sep 29, 2015

Tracked Since Feb 18, 2026