Логотип exploitDog
bind: "CVE-2025-47812"
Консоль
Логотип exploitDog

exploitDog

bind: "CVE-2025-47812"

Количество 3

Количество 3

nvd логотип

CVE-2025-47812

23 дня назад

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.

CVSS3: 10
EPSS: Критический
github логотип

GHSA-j4xf-75rr-vvrv

23 дня назад

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.

CVSS3: 10
EPSS: Критический
fstec логотип

BDU:2025-08471

около 1 месяца назад

Уязвимость веб-интерфейса FTP-сервера Wing, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код

CVSS3: 10
EPSS: Критический

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2025-47812

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.

CVSS3: 10
91%
Критический
23 дня назад
github логотип
GHSA-j4xf-75rr-vvrv

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.

CVSS3: 10
91%
Критический
23 дня назад
fstec логотип
BDU:2025-08471

Уязвимость веб-интерфейса FTP-сервера Wing, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код

CVSS3: 10
91%
Критический
около 1 месяца назад

Уязвимостей на страницу