CVE-2019-16116

MEDIUM

EnterpriseDT CompleteFTP Server <12.1.3 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-16116. PoCs published by 1F98D.

AI-analyzed exploit summary This exploit leverages CVE-2019-16116 to achieve remote code execution on CompleteFTP Professional < 12.1.3 by exploiting an obscured administrator password logged during installation and abusing the administration interface over port 14983.

Description

EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash.

Exploits (1)

exploitdb WORKING POC
by 1F98D · pythonremotewindows
https://www.exploit-db.com/exploits/48657

This exploit leverages CVE-2019-16116 to achieve remote code execution on CompleteFTP Professional < 12.1.3 by exploiting an obscured administrator password logged during installation and abusing the administration interface over port 14983.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CompleteFTP Professional < 12.1.3
Auth required
Prerequisites: CompleteFTP configured to permit remote administration · Access to the obscured administrator password from Bootstrapper.log
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 4.3
EPSS 0.0368
EPSS Percentile 88.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-327 CWE-532
Status published
Products (1)
enterprisedt/completeftp_server < 12.1.3
Published Oct 02, 2019
Tracked Since Feb 18, 2026