HIGH🇵🇱 Wersja polska

CVE-2020-8634

CVSS 7.8v3.1pub. 2020-03-07upd. 2024-11-21

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may escalate privileges to root.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Wftpserver Wing Ftp Server

    APP
    Wftpserver
    6.2.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2025-47812CRITICAL10.0⚠ KEVPL ✓ten sam produkt

RCE w Wing FTP Server — wstrzyknięcie kodu Lua przez bajt NULL

CVE-2026-44403HIGH8.6ten sam produkt

Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the session seri...

CVE-2019-25267HIGH8.5ten sam produkt

Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potential...

CVE-2020-37032HIGH8.6ten sam produkt

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows ...

CVE-2025-5196HIGH7.5ten sam produkt

A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vul...