Remote Code Execution Vulnerability in Netwin SurgeFTP Web Console
CVE-2012-10028
8.6HIGH
Key Information:
Badges
👾 Exploit Exists🟡 Public PoC
What is CVE-2012-10028?
Netwin SurgeFTP versions up to 23c8 have a security flaw in the web-based administrative interface that allows authenticated users to execute arbitrary system commands. This vulnerability arises from improper handling of crafted POST requests to the 'surgeftpmgr.cgi' script, potentially allowing attackers to gain unauthorized control over the affected system.
Affected Version(s)
SurgeFTP * <= 23c8
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Spencer McIntyre