Vulnerability Summary

CompleteFTP Server Authenticated Remote Command Execution. This vulnerability allows Remote Command Execution with SYSTEM privileges for any authenticated user with a Windows local or domain account on the target host. The is possible because of the exec command available in via SSH which always executes as SYSTEM regardless of the privileges of the logged in user. CompleteFTP Server versions prior to 12.1.4 are vulnerable to this attack by any level of Windows user. As of version 12.1.4, the exec command limited to Windows Administrator accounts.

Vulnerability Trend