CVE-2018-9059

CRITICAL

Sharing-file Easy File Sharing Web Server - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp. NOTE: this may overlap CVE-2014-3791.

Exploits (4)

exploitdb WORKING POC

by Hashim Jawad · pythonremotewindows

https://www.exploit-db.com/exploits/44522

View Code ZIP pw:eip

exploitdb WORKING POC

by rebeyond · pythonremotewindows

https://www.exploit-db.com/exploits/44485

View Code ZIP pw:eip

nomisec WORKING POC

by manojcode · poc

https://github.com/manojcode/easy-file-share-7.2-exploit-CVE-2018-9059

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/easyfilesharing_seh.rb

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/147246/Easy-File-Sharing-Web-Server-7.2-Buffer-Overflow.html

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44485/

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44522/

Scores

CVSS v3 9.8

EPSS 0.8342

EPSS Percentile 99.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (1)

sharing-file/easy_file_sharing_web_server 7.2

Published Apr 20, 2018

Tracked Since Feb 18, 2026