PT-2026-2410 · Unknown · Wing Ftp Server

Notcos

Published

2026-01-13

Updated

2026-01-14

CVE-2022-50934

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Wing FTP Server versions 4.3.8 and below

Description The software contains a remote code execution issue that allows attackers to execute arbitrary PowerShell commands. An attacker can leverage a crafted Lua script payload with base64-encoded PowerShell to establish a reverse TCP shell. This is achieved by authenticating and sending a malicious request to the admin panel. The affected API endpoint is the admin interface. The vulnerable parameter is the request sent to the admin panel containing the Lua script payload.

Recommendations Update Wing FTP Server to a version newer than 4.3.8.

Exploit

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2022-50934

Affected Products

Wing Ftp Server

PT-2026-2410 · Unknown · Wing Ftp Server

CVE-2022-50934

Weakness Enumeration

Related Identifiers

Affected Products

References · 5