Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XWftpserver Wing Ftp Server
APPWftpserver6.0.7
Related vulnerabilities
RCE w Wing FTP Server β wstrzykniΔcie kodu Lua przez bajt NULL
Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the session seri...
Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows ...
A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vul...
Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HT...