Monsta FTP <= 2.11.2 - Unauthenticated Remote Code Execution

Monsta FTP = 2.11 contains an unrestricted file upload vulnerability caused by lack of authentication on file uploads, letting unauthenticated attackers execute arbitrary code by uploading crafted files. id: CVE-2025-34299 info: name: Monsta FTP = 2.11.2 - Unauthenticated Remote Code Execution...

📄 Monsta FTP 2.11 Remote File Injection

This Metasploit module exploits a vulnerability in Monsta FTP version 2.11 and enables remote file injection by creating a malicious FTP server. The application builds this server to upload a malicious PHP file reverse shell. After the file is uploaded, the module immediately verifies the...

Exploit for Unrestricted Upload of File with Dangerous Type in Monstaftp Monsta_Ftp

CVE-2025-34299 Test Environment Docker test environment for C...

Metasploit Wrap-Up 12/05/2025

Twonky Auth Bypass, RCEs and RISC-V Reverse Shell Payloads This was another fantastic week in terms of PR contribution to the Metasploit Framework. Rapid7’s very own Ryan Emmons recently disclosed CVE-2025-13315 and CVE-2025-13316 which exist in Twonky Server and allow decrypting admin credential...

Monsta FTP downloadFile Remote Code Execution

This module exploits a pre-authenticated remote code execution vulnerability in Monsta FTP versions use exploit/multi/http/monstaftpdownloadfilerce msf exploitmonstaftpdownloadfilerce show targets ...targets... msf exploitmonstaftpdownloadfilerce set TARGET msf exploitmonstaftpdownloadfilerce sho...

📄 Monsta FTP DownloadFile Remote Code Execution

This Metasploit module exploits a pre-authenticated remote code execution vulnerability in Monsta FTP versions prior to 2.11.3. The vulnerability exists in the downloadFile action which allows an attacker to connect to a malicious FTP or SFTP server and download arbitrary files to arbitrary...

VulnCheck KEV: CVE-2025-34299

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious SFTP server...

Exploit for CVE-2025-34299

Monsta FTP CVE-2025-34299 Exploit Python exploit for the RCE...

CVE-2025-34299

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious SFTP server...

CVE-2025-34299

Summary: Monsta FTP

CVE-2025-34299 Monsta FTP <= 2.11 Unauthenticated Arbitrary File Upload

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious SFTP server...

CVE-2025-34299 Monsta FTP <= 2.11 Unauthenticated Arbitrary File Upload

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious SFTP server...

PT-2025-45416

Name of the Vulnerable Software and Affected Versions Monsta FTP versions 2.11 and earlier Monsta FTP versions prior to 2.11.3 Description Monsta FTP versions 2.11 and earlier contain a critical vulnerability that allows unauthenticated arbitrary file uploads, leading to remote code execution...

EUVD-2020-6217

Malware in sbrugna...

EUVD-2020-6219

Malware in sbrugna...

EUVD-2020-6218

Malware in sbrugna...

CVE-2020-14057

Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allowing an attacker to gain remote code execution in common deployments...

CVE-2020-14056

Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services...

CVE-2020-14055

Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting vulnerability in the language setting due to insufficient output encoding...

Monsta FTP 代码问题漏洞

Monsta FTP is a modern web interface for FTP. A security vulnerability exists in Monsta FTP version v2.10.3, which stems from a server-side request forgery SSRF vulnerability discovered via the performFetchRequest function in HTTPFetcher.php...