CVE-2019-16116

MEDIUM

EnterpriseDT CompleteFTP Server <12.1.3 - Info Disclosure

Title source: llm

Description

EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash.

Exploits (1)

exploitdb WORKING POC

by 1F98D · pythonremotewindows

https://www.exploit-db.com/exploits/48657

View Code ZIP pw:eip

References (2)

[Release Notes, Vendor Advisory] https://enterprisedt.com/products/completeftp/doc/guide/html/history.html

[Exploit, Third Party Advisory] https://rhinosecuritylabs.com/application-security/completeftp-server-local-privesc-cve-2019-16116/

Scores

CVSS v3 4.3

EPSS 0.0301

EPSS Percentile 86.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-327 CWE-532

Status published

Products (1)

enterprisedt/completeftp_server < 12.1.3

Published Oct 02, 2019

Tracked Since Feb 18, 2026