ProFTPD Vulnerable to Improper Access Control Flaw (CVE-2019-

ProFTPD Vulnerable to Improper Access Control Flaw (CVE-2019-12815)

Researcher Tobias Mädel released an advisory on July 18 for a vulnerability in ProFTPD, a popular open source FTP daemon for Unix and Unix-like operating systems, that has existed since 2010.

The vulnerability, designated as CVE-2019-12815, is an improper access control in the ProFTPD ‘mod_copy’ module due to the fact that it does not honor specific configuration settings in the proftpd.conf file.

Initially thought to have been patched in version 1.3.6 of ProFTPD, Mädel updated his advisory on July 23 to indicate that the vulnerability still persists in ProFTPD 1.3.6 and that no patch is currently available for it.

For more details about this event, please visit our blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

ProFTPD Vulnerable to Improper Access Control Flaw (CVE-2019-

Recent Discussions

Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)

Frequently Asked Questions About Notepad++ Supply Chain Compromise

Ivanti Endpoint Manager Mobile Zero-Days Exploited (CVE-2026-1281, CVE-2026-1340)

Oracle January 2026 Critical Patch Update Addresses 158 CVEs

CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Vulnerability

Americas

Europe

Asia / Australia