CVE-2020-37032

High CVSS: 8.6

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the os.execute() function.

Vendor

Wftpserver

Product

Wing Ftp Server

CWE

CWE-78

Yayın Tarihi

2026-01-30 23:16:08

Güncelleme

2026-02-18 14:51:35

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-78 Wing Ftp Server HIGH Wftpserver 2026

Referanslar

https://www.exploit-db.com/exploits/48676 https://www.vulncheck.com/advisories/wing-ftp-server-remote-code-execution https://www.wftpserver.com/

Benzer Kayıtlar

Medium

CVE-2020-37079

Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administrat…

High

CVE-2019-25267

Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute…

Critical

CVE-2025-47812

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o…

Medium

CVE-2025-47813

loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a…

Low

CVE-2025-27889

Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint…

Medium

CVE-2025-47811

In Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 5466) runs as root or S…