Описание
Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may escalate privileges to root.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:wftpserver:wing_ftp_server:6.2.3:*:*:*:*:linux:*:*
cpe:2.3:a:wftpserver:wing_ftp_server:6.2.3:*:*:*:*:macos:*:*
cpe:2.3:a:wftpserver:wing_ftp_server:6.2.3:*:*:*:*:solaris:*:*
EPSS
Процентиль: 25%
0.00086
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-281
Связанные уязвимости
github
больше 3 лет назад
Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may escalate privileges to root.
EPSS
Процентиль: 25%
0.00086
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-281