CVE-2020-37079
- EPSS 0.01%
- Published 06.02.2026 23:16:47
- Last modified 18.02.2026 14:48:17
Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit ...
CVE-2019-25267
- EPSS 0.01%
- Published 04.02.2026 23:15:48
- Last modified 18.02.2026 14:49:26
Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to in...
CVE-2020-37032
- EPSS 0.47%
- Published 30.01.2026 22:07:12
- Last modified 18.02.2026 14:51:35
Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigge...
CVE-2022-50934
- EPSS 0.2%
- Published 13.01.2026 22:52:00
- Last modified 14.01.2026 19:16:15
Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue.
CVE-2025-27889
- EPSS 0.04%
- Published 10.07.2025 00:00:00
- Last modified 17.07.2025 13:31:12
Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injection of an arbitrary link. If a user clicks a crafted link, this discloses a cleartext password to the attacker.
CVE-2025-47813
- EPSS 0.62%
- Published 10.07.2025 00:00:00
- Last modified 17.07.2025 13:17:06
loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.
CVE-2025-47811
- EPSS 0.06%
- Published 10.07.2025 00:00:00
- Last modified 17.07.2025 13:18:45
In Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 5466) runs as root or SYSTEM by default. The web application itself offers several legitimate ways to execute arbitrary system commands (i.e., through th...
- EPSS 92.47%
- Published 10.07.2025 00:00:00
- Last modified 05.11.2025 19:26:31
In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP...
CVE-2025-5196
- EPSS 0.49%
- Published 26.05.2025 13:31:05
- Last modified 02.07.2025 17:42:07
A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Lua Admin Console. The manipulation leads to execution with unnecessary privileges. ...
CVE-2023-37881
- EPSS 0.15%
- Published 12.09.2023 09:15:08
- Last modified 21.11.2024 08:12:23
Weak access control in Wing FTP Server (Admin Web Client) allows for privilege escalation. This issue affects Wing FTP Server: <= 7.2.0.