Unrated severityNVD Advisory· Published Aug 21, 2025· Updated Apr 7, 2026

EasyFTP Server list.html path Stack Buffer Overflow

CVE-2010-20113

Description

EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails to properly validate the length of the path parameter. Supplying an excessively long value causes a buffer overflow on the stack, potentially corrupting control flow structures. The vulnerability is exposed through the embedded web server and does not require authentication due to default anonymous access. The issue was resolved in version 1.7.0.12, after which the product was renamed to UplusFtp.

Affected products

Kmint21 Software/Easyftp Serverv5
Range: *

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/easyftp_list.rbmitreexploit
www.exploit-db.com/exploits/11500mitreexploit
www.vulncheck.com/advisories/easyftp-server-list-html-stack-buffer-overflowmitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.050
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000