HIGH🇬🇧 English

CVE-2019-25267

CVSS 8.5v4.0pub. 2026-02-05upd. 2026-02-18

Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.

oryginał EN
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Wftpserver Wing Ftp Server

    APP
    Wftpserver
    6.0.7
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2025-47812CRITICAL10.0⚠ KEVPL ✓ten sam produkt

RCE w Wing FTP Server — wstrzyknięcie kodu Lua przez bajt NULL

CVE-2026-44403HIGH8.6ten sam produkt

Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the session seri...

CVE-2020-37032HIGH8.6ten sam produkt

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows ...

CVE-2025-5196HIGH7.5ten sam produkt

A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vul...

CVE-2020-8634HIGH7.8ten sam produkt

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HT...