CVE-2010-20103 CRITICAL

CVE-2010-20103: ProFTPD 1.3.3c Backdoor Command Execution

Vendor Proftpd Project
Product ProFTPD (Professional FTP Daemon)
Weakness CWE-912
Published August 20, 2025
Last update April 7, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host.

Key dates

02 Disclosure timeline

August 20, 2025 CVE published
April 7, 2026 Record updated