Cross-Site Scripting Vulnerability in NetWin SurgeFTP
CVE-2010-1068

Currently unrated

Key Information:

Vendor

Netwin

Status
Surgeftp
Vendor
CVE Published:
23 March 2010

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2010-1068?

The vulnerability in NetWin SurgeFTP 2.3a6 allows attackers to exploit the surgeftpmgr.cgi script by injecting malicious web scripts or HTML code via the domainid and classid parameters during specific class actions. This could lead to unauthorized script execution in users' browsers, compromising sensitive information and leading to further attacks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2010-1068 - Proof of Concept

References

http://secunia.com/advisories/38097
third-party-advisoryx_refsource_SECUNIA
http://www.exploit-db.com/exploits/11092
exploitx_refsource_EXPLOIT-DB
https://exchange.xforce.ibmcloud.com/vulnerabilities/55509
vdb-entryx_refsource_XF

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.