Volerion logoVolerion
Volerion logoVolerion

Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Wing FTP Server Authenticated Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in Wing FTP Server versions 4.3.8 and prior. This vulnerability allows authenticated attackers to execute arbitrary PowerShell commands via the admin interface. Exploitation involves sending a crafted Lua script payload, encoded in base64, that can establish a reverse TCP shell. The vulnerability arises from improper control over code execution, enabling attackers to inject and execute malicious commands on the server.

Impact

Exploitation of this vulnerability allows for authenticated remote code execution on the server, with the potential to execute arbitrary PowerShell commands.

Reproduction

To reproduce this vulnerability, authenticate to the admin interface of Wing FTP Server 4.3.8 or earlier. Once logged in, navigate to the Lua script execution feature in the admin panel. Upload a Lua script payload that includes base64-encoded PowerShell commands. When the payload is executed, it can establish a reverse TCP shell, allowing for remote code execution on the server.

Added: Jan 13, 2026, 11:59 PM
Updated: Jan 13, 2026, 11:59 PM

Vulnerability Rating

Custom Algorithm
spread
1.9
impact
10.0
exploitability
6.5
remediation
0.0
relevance
2.0
threat
8.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.