PT-2026-7601 · Unknown · Blackmoon Ftp Server
Debashis Pal
·
Published
2026-02-11
·
Updated
2026-02-11
·
CVE-2019-25306
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
BlackMoon FTP Server version 3.1.2.1731
Description
BlackMoon FTP Server version 3.1.2.1731 contains an unquoted service path issue that may allow local users to execute code with elevated system privileges. An attacker can exploit the unquoted binary path within the service configuration to insert malicious code. This malicious code would then execute with LocalSystem account permissions when the service starts.
Recommendations
Apply appropriate quoting to the service path configuration to prevent the execution of unauthorized code.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Blackmoon Ftp Server