CVE-2024-58299

CRITICAL

PCMan FTP Server 2.0 - Stack-based Buffer Overflow via PWD Command

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-58299. PoCs published by Waqas Ahmed Faroouqi.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in PCMan FTP Server 2.0 via the 'pwd' command. It sends a crafted payload with a reverse shell to achieve remote code execution on the target system.

Description

PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the 'pwd' command that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted payload during the FTP login process to overwrite memory and potentially gain system access.

Exploits (1)

exploitdb WORKING POC
by Waqas Ahmed Faroouqi · pythonremotewindows
https://www.exploit-db.com/exploits/51767

This exploit targets a buffer overflow vulnerability in PCMan FTP Server 2.0 via the 'pwd' command. It sends a crafted payload with a reverse shell to achieve remote code execution on the target system.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: PCMan FTP Server 2.0
Auth required
Prerequisites: Network access to the FTP server · FTP server version 2.0 · USER32.dll at the specified address
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 9.8
EPSS 0.0071
EPSS Percentile 48.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-121
Status published
Products (1)
PCMan/FTP Server 2.0
Published Dec 12, 2025
Tracked Since Feb 18, 2026