Netwin SurgeFTP <= v23c8 Authenticated RCE

Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to `surgeftpmgr.cgi`. This can lead to full remote code execution on the underlying system.

N/A

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

NetWin Netwin SurgeFTP 安全漏洞

NetWin Netwin SurgeFTP是新西兰NetWin公司的一款多平台FTP服务器软件。 NetWin Netwin SurgeFTP 23c8及之前版本存在安全漏洞，该漏洞源于未正确处理POST请求，可能导致远程命令执行。

N/A

N/A