CVE-2010-20103
BaseFortify
Publication date: 2025-08-20
Last updated on: 2025-09-24
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| proftpd | proftpd | 1.3.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-912 | The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a malicious backdoor that was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor includes a hidden FTP command that, when triggered, allows the server to execute arbitrary shell commands with root privileges. This means an attacker can remotely and without authentication run any operating system command on the FTP server host.
How can this vulnerability impact me? :
This vulnerability can have severe impacts as it allows remote, unauthenticated attackers to execute any OS command on the FTP server with root privileges. This can lead to complete system compromise, unauthorized access to sensitive data, disruption of services, and potential use of the compromised server to launch further attacks.