Title: Wing FTP Server < 6.2.7 - Cross-site Request Forgery Severity: Medium Date: 2/6/2026 CVE Identifier: CVE-2020-37079 Vulnerability Type: Cross-Site Request Forgery (CSRF) CVSS Base Metrics: - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N References: - ExploitDB-48200 - Wing FTP Server Official Homepage - Wing FTP Server Version History Credit: Dhiraj Mishra Description: Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a request that deletes the administrative user account without proper authorization.