CVE-2019-25267

High CVSS: 8.5

Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.

Vendor

Wftpserver

Product

Wing Ftp Server

CWE

CWE-428

Yayın Tarihi

2026-02-05 00:15:50

Güncelleme

2026-02-18 14:49:26

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-428 Wing Ftp Server HIGH Wftpserver 2026

Referanslar

https://www.exploit-db.com/exploits/47818 https://www.vulncheck.com/advisories/wing-ftp-server-unquoted-service-path https://www.wftpserver.com/

Benzer Kayıtlar

Medium

CVE-2020-37079

Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administrat…

High

CVE-2020-37032

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authentica…

Critical

CVE-2025-47812

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o…

Medium

CVE-2025-47813

loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a…

Low

CVE-2025-27889

Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint…

Medium

CVE-2025-47811

In Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 5466) runs as root or S…