NVD

Id
25615  
Name
CVE-2015-4108  
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP Server before 4.4.7 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code via a crafted request to admin_lua_script.html or (2) add a domain administrator via a crafted request to admin_addadmin.html.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2015-06-10  
Modified Date
2015-06-11  
Seq
2015-4108  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
135537 25615 CVE-2015-4108 http://packetstormsecurity.com/files/132179/Wing-FTP-4.4.6-Code-Execution-Cross-Site-Request-Forgery.html  View
135538 25615 CVE-2015-4108 http://packetstormsecurity.com/files/132180/Wing-FTP-4.4.6-Cross-Site-Request-Forgery.html  View
135539 25615 CVE-2015-4108 20150605 [CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability  View
135540 25615 CVE-2015-4108 20150605 [CVE-2015-4108] Wing FTP Server Cross-site Request Forgery vulnerabilities  View
135541 25615 CVE-2015-4108 20150605 Wing FTP Server Remote Code Execution vulnerability  View
135542 25615 CVE-2015-4108 http://www.wftpserver.com/serverhistory.htm  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
7743 JVNDB-2015-003063 Wing FTP Server におけるクロスサイトリクエストフォージェリの脆弱性 Wing FTP Server には、クロスサイトリクエストフォージェリの脆弱性が存在します。 CVE-2015-4108 81333 CVE-2015-4108 25615 6.8 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-003063.html 2015-05-29 2015-06-12 View