CNNVD-202601-5002 Information

CNNVD ID

CNNVD-202601-5002

Related CVE

CVE-2020-37032

• CNNVD Published: 2026-01-30

Description (Chinese)

Wing FTP Server是Wing FTP Server开源的一套跨平台的FTP服务器软件。 Wing FTP Server 6.3.8版本存在操作系统命令注入漏洞，该漏洞源于基于Lua的Web控制台存在命令执行功能，可能导致经过身份验证的用户执行系统命令。

Description (English)

Wing FTP Server is a cross-platform FTP server software from Wing FTP Server Open Source. Wing FTP Server 6.3.8 has a gap in the operating system command, which stems from the existence of command execution functions at the Web console based on Lua, which may result in the system command being executed by an identified user.

Hazard Level

Medium

Vulnerability Type

操作系统命令注入

Affected Vendor

Wing FTP Server

Published

2026-01-30

Last Modified

2026-02-24

References

https://www.exploit-db.com/exploits/48676 https://www.vulncheck.com/advisories/wing-ftp-server-remote-code-execution https://www.wftpserver.com/

Patch

https://www.wftpserver.com/download.htm