CVE-2019-25619

HIGH 8.4

FTP Shell Server 6.83 Buffer Overflow via Account Name

CVSS Score

8.4

EPSS Score

0.0%

EPSS Percentile

2th

FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite the return address and execute calc.exe or other commands.

CWE	CWE-787
Vendor	ftpshell
Product	ftp shell server
Published	Mar 22, 2026
Last Updated	Mar 23, 2026

Stay Ahead of the Next One

Get instant alerts for ftpshell ftp shell server

Be the first to know when new high vulnerabilities affecting ftpshell ftp shell server are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Ftpshell / FTP Shell Server

6.83

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/46685 ftpshell.com: http://www.ftpshell.com/index.htm vulncheck.com: https://www.vulncheck.com/advisories/ftp-shell-server-buffer-overflow-via-account-name

Credits

Dino Covotsos - Telspace Systems