7 matches found
CVE-2025-47812
CVE-2025-47812 is a remote code execution vulnerability in Wing FTP Server, affecting versions before 7.4.4. The root cause is improper handling of null bytes ('\0') in user/admin web interfaces, allowing injection of arbitrary Lua code into user session files. The injected code can execute comma...
CVE-2025-5196
CVE-2025-5196 affects Wing FTP Server up to 7.4.3, via the Lua Admin Console, granting execution with unnecessary privileges. Exploitation appears remote and authenticated (PoC exists). Upgrade to version 7.4.4 to address the issue; vendor notes recommend running the service as a Normal User for ...
CVE-2025-47813
Technical details for CVE-2025-47813 are not publicly available in the provided connected documents. Monitor for updates. Initial description notes an information disclosure related to UID cookie length, but no technical specifics are provided here.
CVE-2025-47811
Wing FTP Server (versions up to 7.4.4) is affected by CVE-2025-47811: the admin web interface runs as root/SYSTEM by default, and the web app exposes legitimate ways to execute system commands which are executed with the highest privileges. This creates a potential privilege escalation via the we...
CVE-2025-27889
Technical details for CVE-2025-27889 are not provided in the connected documents; the supplied materials focus on CVE-2025-47812 and lack specifics (product/version/impact) for CVE-2025-27889. Monitor for updates.
CVE-2026-44403
Wing FTP Server 8.1.2 is affected: an authenticated remote code execution due to unsafe session serialization that injects Lua via the domain admin mydirectory field, leading to code execution when a poisoned session is loaded with loadfile(). Root cause: unsafe serialization of session values in...
CVE-2020-37079
Wing FTP Server prior to version 6.2.7 is affected by a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows an attacker to delete admin users by crafting a malicious HTML page with a hidden form that submits a request without proper authorization. The i...