CVE-2012-10028 Information
Aug 06, 2025
cve
Description
Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to surgeftpmgr.cgi. This can lead to full remote code execution on the underlying system.
Reference
https://netwinsite.com/surgeftp/ https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/netwin_surgeftp_exec.rb https://www.exploit-db.com/exploits/23522 https://www.exploit-db.com/exploits/23601 https://www.vulncheck.com/advisories/netwin-surgeftp-auth-rce
Related CNNVD
CNNVD-202508-373 (Published: 2025-08-05)
Share on: