Описание
Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a request that deletes the administrative user account without proper authorization.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Third Party Advisory
- Product
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия до 6.2.7 (исключая)
cpe:2.3:a:wftpserver:wing_ftp_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 7%
0.0017
Низкий
4.3 Medium
CVSS3
3.5 Low
CVSS3
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 4.3
github
5 месяцев назад
Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a request that deletes the administrative user account without proper authorization.
EPSS
Процентиль: 7%
0.0017
Низкий
4.3 Medium
CVSS3
3.5 Low
CVSS3
Дефекты
CWE-352