CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-9470

HIGH
7.8
CVSS Severity Score
EPSS Score0.1160%
EPSS Percentile11.72th
Published2020年3月7日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, a local user may view the contents of the session and session_admin directories, which expose active session cookies within the Wing FTP HTTP interface and administration panel. These cookies may be used to hijack user and administrative sessions, including the ability to execute Lua commands as root within the administration panel.

Affected Platforms (CPE)

📦
Wftpserver

Wing Ftp Server

<= 6.2.5

References & Advisories

🔗 https://www.hooperlabs.xyz/disclosures/cve-2020-9470.php
🔗 https://www.hooperlabs.xyz/disclosures/cve-2020-9470.php

関連する脆弱性情報

CVE-2020-370328.8

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users ...

CVE-2019-252677.8

Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary...

CVE-2020-86347.8

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management i...

CVE-2020-86357.8

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files...