← back
CVE-2018-25226

FTPShell Server 6.83 Denial of Service via Account Name

CVSS 6.9 MEDIUMEPSS 0.2%CWE-787
FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter within the Manage FTP Accounts interface.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected products
Ftpshell · FTPShell Server
public PoCs found1
cve_referencewww.exploit-db.com/exploits/46430unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/46430https://www.vulncheck.com/advisories/ftpshell-server-denial-of-service-via-account-namehttp://www.ftpshell.com/downloadserver.htmhttp://www.ftpshell.com/index.htm