Critical severityNVD Advisory· Published Aug 13, 2025· Updated Apr 15, 2026

CVE-2011-10010

Description

QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the "Writable" option is enabled (default during account creation), this allows attackers to upload arbitrary files to privileged locations such as system32, enabling remote code execution via MOF injection or executable placement.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/quickshare_traversal_write.rbnvd
web.archive.org/web/20110814125645/http://www.digital-echidna.org/2011/02/quickshare-file-share-1-2-1-directory-traversal-vulnerability/nvd
web.archive.org/web/20120125101026/http://www.quicksharehq.com/blog/quickshare-file-server-1-2-2-released.htmlnvd
www.exploit-db.com/exploits/16105nvd
www.exploit-db.com/exploits/18933nvd
www.vulncheck.com/advisories/quickshare-file-server-path-traversal-rcenvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.046
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000