CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2011-5292

The EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx in Easewe FTP OCX 4.5.0.9 does not restrict access to certain methods, which allows remote attackers to execute arbitrary files via a pathname in the first argument to the (1) Execute or (2) Run method, (3) write to arbitrary files via a pathname in the argument to the CreateLocalFile method, (4) create arbitrary directories via a pathname in the argument to the CreateLocalFolder method, or (5) delete arbitrary files via a pathname in the argument to the DeleteLocalFile method.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 73.9%

CVSS Severity

CVSS v2 Score 7.5

References

https://www.htbridge.com/advisory/HTB23015
https://www.htbridge.com/advisory/HTB23015

Products affected by CVE-2011-5292

Easewe Software » Easewe Ftp Ocx Activex Control » Version: 4.5.0.9

cpe:2.3:a:easewe_software:easewe_ftp_ocx_activex_control:4.5.0.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-5292

Products

Pricing

Contact Us