Arbitrary File Access Vulnerability in ProFTPD by ProFTPD Project
CVE-2015-3306

Currently unrated

Key Information:

Vendor

Proftpd

Status
Proftpd
Vendor
CVE Published:
18 May 2015

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐ŸŸฃ EPSS 93%

What is CVE-2015-3306?

The mod_copy module in ProFTPD 1.3.5 is vulnerable to exploitation, allowing attackers to perform unauthorized read and write operations on arbitrary files. This is executed through the use of the site cpfr and site cpto commands, enabling remote users to manipulate file contents without permission. This vulnerability creates significant security risks for servers running affected versions of ProFTPD, making it essential for administrators to apply necessary security measures and updates.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

exploit-CVE-2015-3306
Created by t0kx

propane
Created by nootropics

cpx_proftpd
Created by shk0x

References

http://www.rapid7.com/db/modules/exploit/unix/ftp/proftpd...
x_refsource_MISC
https://www.exploit-db.com/exploits/36803/
exploitx_refsource_EXPLOIT-DB
http://packetstormsecurity.com/files/131555/ProFTPd-1.3.5...
x_refsource_MISC

EPSS Score

93% chance of being exploited in the next 30 days.

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.