CVE-2020-37079 - Vulnerability Details

Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a request that deletes the administrative user account without proper authorization.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://www.exploit-db.com/exploits/48200
https://www.vulncheck.com/advisories/wing-ftp-server-cross-site-request-forgery
https://www.wftpserver.com
https://www.wftpserver.com/serverhistory.htm

History

Fri, 06 Feb 2026 23:30:00 +0000

Type	Values Removed	Values Added
Description		Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a request that deletes the administrative user account without proper authorization.
Title		Wing FTP Server < 6.2.7 - Cross-site Request Forgery
Weaknesses		CWE-352
References		https://www.exploit-db.com/exploits/48200 https://www.vulncheck.com/advisories/wing-ftp-server-cross-site-request-forgery https://www.wftpserver.com https://www.wftpserver.com/serverhistory.htm
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}` cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2026-02-06T23:16:47.715Z

Updated: 2026-02-06T23:16:47.715Z

Reserved: 2026-02-01T13:16:06.486Z

Link: CVE-2020-37079

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-02-07T00:15:53.720

Modified: 2026-02-07T00:15:53.720

Link: CVE-2020-37079

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object