The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
Loading...
Loading...
Score elevated to 9.0 because EPSS predicts 94% probability of exploitation within the next 30 days (top 0.1% of all CVEs). Confidence: see factors.
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
May 18, 2015
May 6, 2026
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
Working exploit code is in the public domain (1 Metasploit module) (2 GitHub PoCs) (4 Exploit-DB entries). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.
ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution (2)
Open source ↗ProFTPd 1.3.5 - (mod_copy) Remote Command Execution exploit and vulnerable container
Open source ↗ProFTPd 1.3.5 - 'mod_copy' Command Execution (Metasploit)
Open source ↗Exploits the arbitrary file write bug in proftpd (CVE-2015-3306) attempts code execution
Open source ↗ProFTPD 1.3.5 Mod_Copy Command Execution
Open source ↗ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution
Open source ↗ProFTPd 1.3.5 - File Copy
Open source ↗ProFTPd - Remote Code Execution
Open source ↗See which npm, PyPI, Go, and Maven packages are affected by CVE-2015-3306
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.