CVE-2020-37079
EUVD-2020-3112107.02.2026, 00:15
Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a request that deletes the administrative user account without proper authorization.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| wftpserver | wing_ftp_server | 𝑥 < 6.2.7 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration