Wing FTP Server 6.2.5 - Privilege Escalation
A weakness in the handling of HTTP sessions within Wing FTP Server allows any local user to escalate privileges to root on Linux, MacOS, and Solaris. Exploitation is contingent on an already-established administrative session. It should be noted that version 6.2.5 was released on Februrary 27th, 2020, however, this bug was identified, reported, and patched on Februrary 28th, 2020. Therefore, some installations of Wing FTP Server showing version 6.2.5 may be vulnerable, while some may not be vulnerable.
./CVE-2020-9470.sh
