Unrated severityNVD Advisory· Published Jan 30, 2026· Updated Mar 5, 2026

Wing FTP Server 6.3.8 - Remote Code Execution

CVE-2020-37032

Description

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the os.execute() function.

Affected products

Winftp Server/Winftp Serverllm-fuzzy
Range: = 6.3.8
Wing FTP Server/Wing FTP Serverv5
Range: 6.3.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/48676mitreexploit
www.vulncheck.com/advisories/wing-ftp-server-remote-code-executionmitrethird-party-advisory
www.wftpserver.commitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000