CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-37032

HIGH
8.8
CVSS Severity Score
EPSS Score0.1180%
EPSS Percentile10.11th
Published2026年1月30日
Last Modified2026年2月18日

Vulnerability Description

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the os.execute() function.

Affected Platforms (CPE)

📦
Wftpserver

Wing Ftp Server

= 6.3.8

References & Advisories

🔗 https://www.exploit-db.com/exploits/48676
🔗 https://www.vulncheck.com/advisories/wing-ftp-server-remote-code-execution
🔗 https://www.wftpserver.com/

相关漏洞威胁

CVE-2019-252677.8

Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary...

CVE-2020-86347.8

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management i...

CVE-2020-86357.8

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files...

CVE-2020-94707.8

An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, ...