High severity7.8NVD Advisory· Published Jun 19, 2022· Updated Jun 17, 2026
CVE-2022-34006
CVE-2022-34006
Description
An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT AUTHORITY\SYSTEM, aka NX-I674 (sub-issue 2). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation.
Affected products
3- TitanFTP/TitanFTP NextGendescription
Patches
Vulnerability mechanics
References
1- www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdfnvdRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.