CVE-2011-10010 CRITICAL

CVE-2011-10010: QuickShare File Server 1.2.1 Path Traversal RCE

Vendor Quicksharehq
Product QuickShare File Server
Weakness CWE-22 · Path traversal
Published August 13, 2025
Last update May 15, 2026

CVSS base score

9.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the "Writable" option is enabled (default during account creation), this allows attackers to upload arbitrary files to privileged locations such as system32, enabling remote code execution via MOF injection or executable placement.

Key dates

02Disclosure timeline

August 13, 2025 CVE published
May 15, 2026 Record updated

Related vulnerabilities

04Related CVE