Vulnerability Details CVE-2020-37032
Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the os.execute() function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.2%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2020-37032
-
cpe:2.3:a:wftpserver:wing_ftp_server:6.3.8