CVE-2019-25619

HIGH

FTP Shell Server 6.83 Buffer Overflow via Account Name

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25619. PoCs published by Dino Covotsos.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in FTP Shell Server 6.83 by crafting a malicious payload that triggers a JMP ESP instruction in ole32.dll, leading to arbitrary code execution (calc.exe). The payload is written to a file for manual execution in the application's 'Account name to ban' field.

Description

FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite the return address and execute calc.exe or other commands.

Exploits (1)

exploitdb WORKING POC

by Dino Covotsos · pythonlocalwindows

https://www.exploit-db.com/exploits/46685

View Code ZIP pw:eip

This exploit demonstrates a buffer overflow vulnerability in FTP Shell Server 6.83 by crafting a malicious payload that triggers a JMP ESP instruction in ole32.dll, leading to arbitrary code execution (calc.exe). The payload is written to a file for manual execution in the application's 'Account name to ban' field.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: FTP Shell Server 6.83

No auth needed

Prerequisites: FTP Shell Server 6.83 installed on Windows XP SP3 · Manual interaction to paste payload into the application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 22, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-46685

https://www.exploit-db.com/exploits/46685

Product product

Official Product Homepage

http://www.ftpshell.com/index.htm

Third Party Advisory third-party-advisory

VulnCheck Advisory: FTP Shell Server 6.83 Buffer Overflow via Account Name

https://www.vulncheck.com/advisories/ftp-shell-server-buffer-overflow-via-account-name

Scores

CVSS v3 8.4

EPSS 0.0021

EPSS Percentile 11.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (2)

Ftpshell/FTP Shell Server 6.83

ftpshell/ftpshell_server 6.83

Published Mar 22, 2026

Tracked Since Mar 22, 2026