CVE-2022-50934

Name of the Vulnerable Software and Affected Versions Wing FTP Server versions 4.3.8 and below

Description The software contains a remote code execution issue that allows attackers to execute arbitrary PowerShell commands. An attacker can leverage a crafted Lua script payload with base64-encoded PowerShell to establish a reverse TCP shell. This is achieved by authenticating and sending a malicious request to the admin panel. The affected API endpoint is the admin interface. The vulnerable parameter is the request sent to the admin panel containing the Lua script payload.

Recommendations Update Wing FTP Server to a version newer than 4.3.8.