CVE-2011-10010
Published 2025-08-13
Priority: P270 · critical · 9.4 (CVSS 4.0)
CVSS 4.0 vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.49% (70.8th percentile)
QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitization of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the "Writable" option is enabled (default during account creation), this allows attackers to upload arbitrary files to privileged locations such as system32, enabling remote code execution via MOF injection or executable placement.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| quicksharehq | quickshare_file_server | < 1.2.2 | 1.2.2 |
Detection & IOCs (extracted from sources)
- Monitor FTP sessions for path traversal sequences ('..') in file upload (STOR) commands targeting QuickShare File Server 1.2.1, particularly sequences that resolve outside the configured virtual directory.
- Flag authenticated FTP accounts on QuickShare where the 'Writable' option is enabled, as this is the default and is the prerequisite condition enabling arbitrary file write exploitation.
- The 'Writable' option is enabled by default during account creation in QuickShare File Server 1.2.1, meaning all newly created FTP accounts are vulnerable to arbitrary file write by default without additional attacker configuration.
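The first detection point above can be implemented as a stateful check that tracks each session's working directory and flags only STOR paths that climb above the virtual root, rather than every path containing '..'. This is an added example, not code from the advisory or from QuickShare; the log format, the sample lines and the function names are constructed, and each session is assumed to start at the virtual root.

```python
import re

# Constructed FTP command log: "<session> <user> <COMMAND> <argument>".
# The format is an assumption; adapt the regex to your server or sensor.
SAMPLE_LOG = """\
s1 alice CWD /reports
s1 alice STOR q3.pdf
s1 alice STOR ../shared/q3-copy.pdf
s2 bob CWD /incoming
s2 bob STOR ../../../../placeholder/dir/file.bin
s3 carol STOR ..\\..\\placeholder\\file.bin
s3 carol CWD ..
s3 carol STOR notes.txt
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")

def resolve(cwd, arg):
    """Resolve arg against cwd (components below the virtual root).
    Returns (components, escaped); escaped means a '..' climbed above root."""
    parts = re.split(r"[\\/]+", arg)          # Windows servers accept both
    stack = [] if arg[:1] in ("/", "\\") else list(cwd)
    escaped = False
    for p in parts:
        if p in ("", "."):
            continue
        if p == "..":
            if stack:
                stack.pop()
            else:
                escaped = True                # no parent left: above the root
        else:
            stack.append(p)
    return stack, escaped

def find_traversal_uploads(log_text):
    cwd = {}                                  # session id -> path components
    hits = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        m = LINE.match(raw)
        if not m:
            continue
        sess, user, cmd, arg = m.groups()
        path, escaped = resolve(cwd.get(sess, []), arg)
        if cmd.upper() == "CWD" and not escaped:
            cwd[sess] = path                  # escaping CWDs are not tracked
        elif cmd.upper() == "STOR" and escaped:
            hits.append((n, sess, user, arg))
    return hits
```

On the constructed log this reports lines 5 and 6 and leaves line 3 alone, since that '..' stays inside the virtual directory.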
References
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/quickshare_traversal_write.rb
- https://web.archive.org/web/20110814125645/http://www.digital-echidna.org/2011/02/quickshare-file-share-1-2-1-directory-traversal-vulnerability/
- https://web.archive.org/web/20120125101026/http://www.quicksharehq.com/blog/quickshare-file-server-1-2-2-released.html
- https://www.exploit-db.com/exploits/16105
- https://www.exploit-db.com/exploits/18933
- https://www.vulncheck.com/advisories/quickshare-file-server-path-traversal-rce