Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP Server prior to 4.4.7 allow remote malicious users to hijack the authentication of administrators for requests that (1) execute arbitrary code via a crafted request to admin_lua_script.html or (2) add a domain administrator via a crafted request to admin_addadmin.html.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wftpserver wing ftp server |