Primary

Context

Wing FTP Server Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability exists in Wing FTP Server version 6.0.7 due to an unquoted service path. This flaw allows local attackers to execute arbitrary code with elevated privileges. Exploitation involves injecting malicious executables into the unquoted binary path of the service, which are then executed with LocalSystem rights.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of code with elevated system privileges, potentially allowing for significant changes to the system or application.

Reproduction

The vulnerability can be reproduced by injecting a malicious executable into the unquoted service path of the Wing FTP Server. Once the executable is injected, it will be executed with LocalSystem privileges, allowing for arbitrary code execution on the system.

Added: Feb 5, 2026, 12:42 AM

Updated: Feb 5, 2026, 12:42 AM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

2.5

exploitability

4.8

remediation

0.0

relevance

2.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

2.5

exploitability

4.8

remediation

0.0

relevance

2.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Wing FTP Server Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Reproduction

Affected Products

Wing FTP Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating