Cross-Site Request Forgery Vulnerabilities in Wing FTP Server by Wing FTP
CVE-2015-4108

Currently unrated

Key Information:

Vendor: Wftpserver
Status: Wing Ftp Server
Vendor: CVE Published:; 10 June 2015

What is CVE-2015-4108?

Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP Server versions prior to 4.4.7 expose administrators to the risk of authentication hijacking. Attackers can exploit these vulnerabilities by sending crafted requests that may execute arbitrary code or grant unauthorized administrative access through scripts intended for administrative functions. This can lead to significant security breaches, allowing malicious parties to control server functionalities without proper authorization.

References

http://www.securityfocus.com/archive/1/535681/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://packetstormsecurity.com/files/132180/Wing-FTP-4.4....

x_refsource_MISC

http://packetstormsecurity.com/files/132179/Wing-FTP-4.4....

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2015
Vulnerability Reserved
May 28, 2015

Wftpserver

What is CVE-2015-4108?

References

Timeline