CVE-2019-25619

HIGH

FTP Shell Server 6.83 Buffer Overflow via Account Name

Title source: cna

Description

FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite the return address and execute calc.exe or other commands.

Exploits (1)

exploitdb WORKING POC

by Dino Covotsos · pythonlocalwindows

https://www.exploit-db.com/exploits/46685

View Code ZIP pw:eip

References (3)

[Exploit] https://www.exploit-db.com/exploits/46685

[Product] http://www.ftpshell.com/index.htm

[Third Party Advisory] https://www.vulncheck.com/advisories/ftp-shell-server-buffer-overflow-via-account-name

Scores

CVSS v3 8.4

EPSS 0.0001

EPSS Percentile 2.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (2)

Ftpshell/FTP Shell Server 6.83

ftpshell/ftpshell_server 6.83

Published Mar 22, 2026

Tracked Since Mar 22, 2026