CVE-2018-9059

CRITICAL

Easy File Sharing Web Server 7.2 - Remote Code Execution via Malicious Login Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2018-9059. PoCs published by Hashim Jawad, rebeyond, manojcode, including Metasploit module exploits/windows/http/easyfilesharing_seh.

AI-analyzed exploit summary This exploit leverages a buffer overflow in Easy File Sharing Web Server 7.2 via the 'UserID' parameter, bypassing DEP using ROP chains to execute arbitrary shellcode. The payload is a standard calc.exe shellcode generated with msfvenom.

Description

Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp. NOTE: this may overlap CVE-2014-3791.

Exploits (4)

exploitdb WORKING POC
by Hashim Jawad · pythonremotewindows
https://www.exploit-db.com/exploits/44522

This exploit leverages a buffer overflow in Easy File Sharing Web Server 7.2 via the 'UserID' parameter, bypassing DEP using ROP chains to execute arbitrary shellcode. The payload is a standard calc.exe shellcode generated with msfvenom.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Easy File Sharing Web Server 7.2
No auth needed
Prerequisites: Network access to the target server · Target software running on Windows 7 Enterprise (x86) - Service Pack 1
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by rebeyond · pythonremotewindows
https://www.exploit-db.com/exploits/44485

This exploit targets a stack buffer overflow in Easy File Sharing Web Server 7.2 via a malicious login request. It uses a crafted payload with a JMP ESP instruction and shellcode to execute calc.exe on the remote server.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Easy File Sharing Web Server 7.2
No auth needed
Prerequisites: Network access to the target server · Target server running Easy File Sharing Web Server 7.2
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by manojcode · poc
https://github.com/manojcode/easy-file-share-7.2-exploit-CVE-2018-9059

This is a functional exploit for CVE-2018-9059, targeting a buffer overflow in Easy File Sharing Web Server 7.2. It includes a ROP chain to bypass DEP and achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Easy File Sharing Web Server 7.2
No auth needed
Prerequisites: Network access to the target server · Target running Easy File Sharing Web Server 7.2 on Windows 7 x86
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/easyfilesharing_seh.rb

This Metasploit module exploits a SEH overflow in Easy File Sharing HTTP Server 7.2 via a crafted HTTP GET request. It leverages a known CVE (2018-9059) to achieve remote code execution by overwriting the SEH record and executing shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Easy File Sharing HTTP Server 7.2
No auth needed
Prerequisites: Network access to the target server on port 80 · Vulnerable version of Easy File Sharing HTTP Server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44522/
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44485/

Scores

CVSS v3 9.8
EPSS 0.7907
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
sharing-file/easy_file_sharing_web_server 7.2
Published Apr 20, 2018
Tracked Since Feb 18, 2026