CVE-2019-25306

Name of the Vulnerable Software and Affected Versions BlackMoon FTP Server version 3.1.2.1731

Description BlackMoon FTP Server version 3.1.2.1731 contains an unquoted service path issue that may allow local users to execute code with elevated system privileges. An attacker can exploit the unquoted binary path within the service configuration to insert malicious code. This malicious code would then execute with LocalSystem account permissions when the service starts.

Recommendations Apply appropriate quoting to the service path configuration to prevent the execution of unauthorized code.