QwikSec

Security Database

CVE

CWE

Training

CVE-2015-4108

Published: Jun 10, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP Server before 4.4.7 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code via a crafted request to admin_lua_script.html or (2) add a domain administrator via a crafted request to admin_addadmin.html.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20150605 [CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability

mailing-list

x_refsource_BUGTRAQ

http://packetstormsecurity.com/files/132180/Wing-FTP-4.4.6-Cross-Site-Request-Forgery.html

x_refsource_MISC

http://packetstormsecurity.com/files/132179/Wing-FTP-4.4.6-Code-Execution-Cross-Site-Request-Forgery.html

x_refsource_MISC

20150605 Wing FTP Server Remote Code Execution vulnerability

mailing-list

x_refsource_BUGTRAQ

http://www.wftpserver.com/serverhistory.htm

x_refsource_CONFIRM

20150605 [CVE-2015-4108] Wing FTP Server Cross-site Request Forgery vulnerabilities

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.