CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-8634

HIGH
7.8
CVSS Severity Score
EPSS Score0.1930%
EPSS Percentile20.95th
Published2020年3月7日
Last Modified2024年11月21日

Vulnerability Description

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may escalate privileges to root.

Affected Platforms (CPE)

📦
Wftpserver

Wing Ftp Server

= 6.2.3
📦
Wftpserver

Wing Ftp Server

= 6.2.3
📦
Wftpserver

Wing Ftp Server

= 6.2.3

References & Advisories

🔗 https://www.hooperlabs.xyz/disclosures/cve-2020-8635.php
🔗 https://www.hooperlabs.xyz/disclosures/cve-2020-8635.php

相關漏洞威脅

CVE-2020-370328.8

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users ...

CVE-2019-252677.8

Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary...

CVE-2020-86357.8

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files...

CVE-2020-94707.8

An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, ...