// For flags

CVE-2016-15003

FileZilla Client Installer uninstall.exe unquoted search path

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Se ha encontrado una vulnerabilidad en FileZilla Client versión 3.17.0.0 y ha sido clasificada como problemática. Esta vulnerabilidad afecta a un código desconocido del archivo C:\NProgram Files\NFileZilla FTP Client\Nuninstall.exe del componente Installer. La manipulación conlleva a una ruta de búsqueda no citada. El ataque puede iniciarse de forma remota. La explotación ha sido divulgada al público y puede ser usada

*Credits: Cyril Vallicari
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-07-16 CVE Reserved
  • 2022-07-18 CVE Published
  • 2024-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-428: Unquoted Search Path or Element
CAPEC
References (3)
URL Tag Source
https://vuldb.com/?id.97204 Third Party Advisory
URL Date SRC
https://www.exploit-db.com/exploits/39803 2024-08-06
https://youtu.be/r06VwwJ9J4M 2024-08-06
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Filezilla-project
Search vendor "Filezilla-project"
 Filezilla Client
Search vendor "Filezilla-project" for product "Filezilla Client"
 3.17.0
Search vendor "Filezilla-project" for product "Filezilla Client" and version "3.17.0"
-
Affected
in Microsoft
Search vendor "Microsoft"
 Windows
Search vendor "Microsoft" for product "Windows"
--
Safe