Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full privileges, and escalate privileges within the operating system by modifying system files.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HWftpserver Wing Ftp Server
APPWftpserver6.2.3
Related vulnerabilities
RCE w Wing FTP Server — wstrzyknięcie kodu Lua przez bajt NULL
Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the session seri...
Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potential...
Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows ...
A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vul...