CSRF in Wftpserver Wing_ftp_server

CVE-2015-4108

Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP Server before 4.4.7 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code via a crafted request to admin_lu…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.008 (75.1th percentile) — read the EPSS interpretation.

Affected products

Wftpserver Wing_ftp_server
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

20150605 [CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC)
20150605 Wing FTP Server Remote Code Execution vulnerability (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
20150605 [CVE-2015-4108] Wing FTP Server Cross-site Request Forgery vulnerabilities (mailing-list, x_refsource_BUGTRAQ)