Summary
This host is installed with Wing FTP Server and is prone to an authenticated remote code execution vulnerability.
Impact
Successful exploitation will allow an authenticated remote attacker to execute arbitrary commands.
Impact Level: Application
Solution
No solution or patch is available as of 9th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates, refer to http://www.wftpserver.com
Insight
The flaw exists because the os.execute() function in the embedded Lua interpreter in the admin web interface does not properly handle specially crafted HTTP POST requests.
Affected
Wing FTP Server version 4.3.8. Prior versions may also be affected.
Detection
Send a crafted exploit string via an HTTP GET request and check whether it is able to execute the code remotely.
References
Updated on 2017-03-28
Severity
Classification
CVSS Base Score: 8.2
AV:N/AC:M/Au:S/C:C/I:C/A:P