Description
CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. The exec command is always run as SYSTEM.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://enterprisedt.com/products/completeftp/doc/guide/html/history.html
Exploit, Third Party Advisory x_refsource_misc
https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2019-16864
Scores
CVSS v3
8.8
EPSS
0.0723
EPSS Percentile
93.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (1)
enterprisedt/completeftp_server
< 12.1.4
Published
Feb 14, 2022
Tracked Since
Feb 18, 2026