Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may escalate privileges to root.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HWftpserver Wing Ftp Server
APPWftpserver6.2.3
Related vulnerabilities
RCE w Wing FTP Server — wstrzyknięcie kodu Lua przez bajt NULL
Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the session seri...
Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potential...
Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows ...
A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vul...