4 matches found
CVE-2025-56311
In Shenzhen C-Data Technology Co. FD602GW-DX-R410 firmware v2.2.14, the web management interface contains an authenticated CSRF vulnerability on the reboot endpoint /boaform/admin/formReboot. An attacker can craft a malicious webpage that, when visited by an authenticated administrator, causes th...
Wing FTP Server - Authenticated CSRF (Delete Admin)
Exploit Title: Wing FTP Server 6.2.3 - Privilege Escalation Date: 2020-03-10 Exploit Author: Dhiraj Mishra Vendor Homepage: https://www.wftpserver.com Version: v6.2.6 Tested on: Windows 10 Summary: An authenticated CSRF exists in web client and web administration of Wing FTP v6.2.6, a crafted HTM...
Wing FTP Server 6.2.3 Cross Site Request Forgery
Exploit Title: Wing FTP Server 6.2.3 - Authenticated Cross Site Request Forgery Date: 2020-03-10 Exploit Author: Dhiraj Mishra Vendor Homepage: https://www.wftpserver.com Version: v6.2.6 Tested on: Windows 10 Summary: An authenticated CSRF exists in web client and web administration of Wing FTP...
Wing FTP Server 6.2.3 Cross Site Request Forgery Vulnerability
Exploit Title: Wing FTP Server 6.2.3 - Privilege Escalation Exploit Author: Dhiraj Mishra Vendor Homepage: https://www.wftpserver.com Version: v6.2.6 Tested on: Windows 10 Summary: An authenticated CSRF exists in web client and web administration of Wing FTP v6.2.6, a crafted HTML page could dele...