CVE-2016-15003

MEDIUM

FileZilla Client 3.17.0.0 - Unquoted Search Path

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-15003. PoCs published by Cyril Vallicari.

AI-analyzed exploit summary This is a writeup describing an unquoted path vulnerability in FileZilla 3.17.0.0 installer, which could allow local privilege escalation by executing arbitrary code with elevated privileges. The exploit involves placing a malicious executable in a specific path to be executed during uninstallation.

Description

A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

exploitdb WRITEUP

by Cyril Vallicari · textlocalwindows

https://www.exploit-db.com/exploits/39803

View Code ZIP pw:eip

This is a writeup describing an unquoted path vulnerability in FileZilla 3.17.0.0 installer, which could allow local privilege escalation by executing arbitrary code with elevated privileges. The exploit involves placing a malicious executable in a specific path to be executed during uninstallation.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: FileZilla 3.17.0.0

Auth required

Prerequisites: Local access to the system · Ability to place an executable in C:\ or C:\Program Files\

MITRE ATT&CK

T1546.008 - Accessibility Features

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/39803/

Exploit, Third Party Advisory x_refsource_misc

https://youtu.be/r06VwwJ9J4M

Third Party Advisory x_refsource_misc

https://vuldb.com/?id.97204

Scores

CVSS v3 6.3

EPSS 0.0071

EPSS Percentile 48.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-428

Status published

Products (1)

filezilla-project/filezilla_client 3.17.0

Published Jul 18, 2022

Tracked Since Feb 18, 2026