QwikSec

Security Database

CVE

CWE

Training

CVE-2010-20103

Published: Aug 20, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host.

Vendor	Product	Versions
ProFTPD Project	ProFTPD (Professional FTP Daemon)	affected `1.3.3c`

Weaknesses (CWE)

References

https://web.archive.org/web/20111107212129/http://rsync.proftpd.org/

vendor-advisory

patch

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/ftp/proftpd_133c_backdoor.rb

exploit

https://www.exploit-db.com/exploits/15662

exploit

https://www.exploit-db.com/exploits/16921

exploit

https://advisories.checkpoint.com/defense/advisories/public/2011/cpai-2010-151.html/

third-party-advisory

https://github.com/proftpd/proftpd

product

http://www.proftpd.org/

product

https://www.vulncheck.com/advisories/proftpd-backdoor-command-execution

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.