CVE-2020-37079

Medium CVSS: 5.1

Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a request that deletes the administrative user account without proper authorization.

Vendor

Wftpserver

Product

Wing Ftp Server

CWE

CWE-352

Yayın Tarihi

2026-02-07 00:15:53

Güncelleme

2026-02-18 14:48:17

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-352 Wing Ftp Server MEDIUM Wftpserver 2026

Referanslar

https://www.exploit-db.com/exploits/48200 https://www.vulncheck.com/advisories/wing-ftp-server-cross-site-request-forgery https://www.wftpserver.com https://www.wftpserver.com/serverhistory.htm

Benzer Kayıtlar

High

CVE-2019-25267

Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute…

High

CVE-2020-37032

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authentica…

Critical

CVE-2025-47812

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o…

Medium

CVE-2025-47813

loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a…

Low

CVE-2025-27889

Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint…

Medium

CVE-2025-47811

In Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 5466) runs as root or S…