CVE-2020-9470

Published: 07/03/2020 Updated: 21/07/2021
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 614
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

An issue exists in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, a local user may view the contents of the session and session_admin directories, which expose active session cookies within the Wing FTP HTTP interface and administration panel. These cookies may be used to hijack user and administrative sessions, including the ability to execute Lua commands as root within the administration panel.
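A defensive audit for the condition described above, as an added example that is not part of the original advisory or vendor code. It flags `session` and `session_admin` entries that grant any group or other access. The install root is an operator-supplied assumption (the page does not state it), and treating anything beyond owner-only access as a finding is a conservative assumption.

```python
import os
import stat
import sys

# Directory names come from the advisory; their parent path is an assumption
# supplied by the operator (the page does not state the install location).
SESSION_DIRS = ("session", "session_admin")
EXPOSED_BITS = stat.S_IRWXG | stat.S_IRWXO  # any group/other permission bit


def audit_session_dirs(install_root):
    """Return sorted (path, octal_mode) pairs for session directories and
    files that grant any access beyond the owning account."""
    findings = []
    for name in SESSION_DIRS:
        top = os.path.join(install_root, name)
        if not os.path.isdir(top):
            continue
        candidates = [top]
        for dirpath, dirnames, filenames in os.walk(top):
            candidates += [os.path.join(dirpath, n) for n in dirnames + filenames]
        for path in candidates:
            if os.path.islink(path):
                continue  # symlink mode bits are not meaningful
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if mode & EXPOSED_BITS:
                findings.append((path, format(mode, "04o")))
    return sorted(findings)


def harden(findings):
    """Restrict each finding to its owner: 0700 for directories, 0600 for files."""
    for path, _mode in findings:
        os.chmod(path, 0o700 if os.path.isdir(path) else 0o600)


if __name__ == "__main__":
    # Usage: python audit_sessions.py /path/to/wftpserver  (path is hypothetical)
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    results = audit_session_dirs(root)
    for path, mode in results:
        print(f"{mode} {path}")
    sys.exit(1 if results else 0)
```

A non-zero exit status means at least one session entry is readable or traversable by accounts other than its owner, so the script can run from a scheduled compliance check.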

Vulnerable Product

wftpserver wing ftp server

Exploits

Wing FTP Server version 6.2.5 suffers from a privilege escalation vulnerability ...

Github Repositories

Wing FTP Server 6.2.5 - Privilege Escalation

Introduction

A weakness in the handling of HTTP sessions within Wing FTP Server allows any local user to escalate privileges to root on Linux, MacOS, and Solaris. Exploitation is contingent on an already-established administrative session. It should be noted that version 6.2.5 was released on February 27th, 2020, ho