CVE-2020-37079 PUBLISHED

Wing FTP Server < 6.2.7 - Cross-site Request Forgery

Assigner: VulnCheck
Reserved: 01.02.2026 Published: 06.02.2026 Updated: 06.02.2026

Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a request that deletes the administrative user account without proper authorization.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
CVSS Score: 5.1

Product Status

Vendor Wing FTP Server
Product Wing FTP Server
Versions
  • Version 6.2.6 is affected

Credits

  • Dhiraj Mishra finder

References

Problem Types

  • Cross-Site Request Forgery (CSRF) CWE