CVE-2020-37079

4.3 MEDIUM

📋 TL;DR

This CSRF vulnerability in Wing FTP Server's web administration interface lets an attacker delete administrative user accounts without the administrator's consent: a malicious web page can make an authenticated administrator's browser submit the deletion request, and the server accepts it because the session cookie is attached automatically. All Wing FTP Server installations with web administration enabled and running versions before 6.2.7 are affected.

💻 Affected Systems

Products:
  • Wing FTP Server
Versions: All versions prior to 6.2.7
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with web administration interface enabled and accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete loss of administrative access to the FTP server, requiring manual recovery or reinstallation, potentially causing extended service disruption.

🟠 Likely Case

Administrative user deletion leading to temporary loss of management capabilities until account restoration or manual intervention.

🟢 If Mitigated

No impact if proper CSRF protections are implemented or if the vulnerability is patched.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the victim administrator to be logged into the web interface and visit a malicious page. Proof-of-concept exploit code is publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.2.7

Vendor Advisory: https://www.wftpserver.com/serverhistory.htm

Restart Required: Yes

Instructions:

1. Download Wing FTP Server version 6.2.7 or later from the official website.
2. Stop the Wing FTP Server service.
3. Install the updated version.
4. Restart the service.

🔧 Temporary Workarounds

Implement CSRF Tokens

Applies to: all platforms

Add anti-CSRF tokens to web administration forms to validate legitimate requests.

Restrict Web Admin Access

Applies to: all platforms

Limit access to the web administration interface to trusted IP addresses only.

# Configure firewall rules to restrict access to Wing FTP admin port (default 5466)

🧯 If You Can't Patch

  • Disable web administration interface and use only local management tools
  • Implement strict SameSite cookie policies and require re-authentication for sensitive actions
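The "Implement CSRF Tokens" workaround above and the SameSite/re-authentication item in this list describe three controls that together stop a cross-site page from driving an admin's browser into a destructive action. The example below is added here to show what those controls look like in code; it is not Wing FTP Server's code and it does not know the product's real endpoints. The admin origin, the session store, the credential store and the request shape are all assumptions constructed for the example. It shows a delete-admin handler with only a session-cookie check (the weakness class the advisory describes) next to a hardened version that checks the request origin, a per-session synchronizer token, and a fresh re-authentication before deleting.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Assumed deployment origin of the admin UI (default Wing FTP admin port 5466, per the advisory).
ADMIN_ORIGIN = "https://ftp-admin.example.internal:5466"

# Constructed credential store: PBKDF2 hash of a made-up admin password, used only for re-auth.
_SALT = b"constructed-salt"
USERS = {"admin": hashlib.pbkdf2_hmac("sha256", b"constructed-admin-password", _SALT, 100_000)}

# Hypothetical server-side session store: session id -> {user, csrf token, re-auth flag}.
SESSIONS: dict = {}


def new_session(user: str) -> tuple:
    """Log a user in: mint a session id and a per-session synchronizer token."""
    sid = secrets.token_urlsafe(32)
    token = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": token, "reauth_ok": False}
    return sid, token


def session_cookie_header(sid: str) -> str:
    """Set-Cookie value to emit: SameSite=Strict stops browsers attaching the cookie to cross-site form posts."""
    return f"session={sid}; Path=/; Secure; HttpOnly; SameSite=Strict"


def reauthenticate(sid: str, password: str) -> bool:
    """Re-check the password for the session's user and record whether the session is freshly authenticated."""
    sess = SESSIONS.get(sid)
    if sess is None or sess["user"] not in USERS:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    ok = hmac.compare_digest(digest, USERS[sess["user"]])
    sess["reauth_ok"] = ok
    return ok


@dataclass
class Request:
    method: str
    headers: dict   # lower-case header names
    form: dict
    cookies: dict


def delete_admin_unprotected(req: Request) -> tuple:
    """The weakness class the advisory describes: a valid session cookie is the only check,
    and the browser attaches that cookie to a form post from any site."""
    sess = SESSIONS.get(req.cookies.get("session", ""))
    if req.method != "POST" or sess is None:
        return 403, "not logged in"
    return 200, f"deleted admin {req.form.get('user')}"


def delete_admin_protected(req: Request) -> tuple:
    """Hardened handler: origin check, per-session CSRF token, and re-auth for a destructive action."""
    sess = SESSIONS.get(req.cookies.get("session", ""))
    if req.method != "POST" or sess is None:
        return 403, "not logged in"
    # 1. The request must come from our own origin (Referer as a fallback when Origin is absent).
    origin = req.headers.get("origin") or req.headers.get("referer", "")
    if origin != ADMIN_ORIGIN and not origin.startswith(ADMIN_ORIGIN + "/"):
        return 403, "cross-origin request rejected"
    # 2. The form must carry the token bound to this session; constant-time compare.
    supplied = req.form.get("csrf_token", "")
    if not hmac.compare_digest(supplied.encode(), sess["csrf"].encode()):
        return 403, "missing or invalid CSRF token"
    # 3. Deleting an administrator is destructive: demand a fresh password check, then consume it.
    if not sess["reauth_ok"]:
        return 401, "re-authentication required"
    sess["reauth_ok"] = False
    return 200, f"deleted admin {req.form.get('user')}"


if __name__ == "__main__":
    sid, token = new_session("admin")
    # A form post auto-submitted by a third-party page: cookie present, no token, foreign origin.
    cross_site = Request("POST", {"origin": "https://attacker.example"}, {"user": "root"}, {"session": sid})
    print("unprotected:", delete_admin_unprotected(cross_site))  # succeeds: the CVE pattern
    print("protected:  ", delete_admin_protected(cross_site))    # rejected at the origin check
```

The three checks are deliberately independent: SameSite=Strict on the cookie removes the ambient credential from cross-site posts, the origin check rejects requests a browser labels as foreign, and the token defends browsers or proxies that drop or rewrite either of those signals. Re-authentication is the backstop for a destructive action even when a token has leaked.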

🔍 How to Verify

Check if Vulnerable:

Check the Wing FTP Server version in the administration interface or via the 'wingftpserver --version' command. If the version is below 6.2.7, the system is vulnerable.

Check Version:

wingftpserver --version

Verify Fix Applied:

Verify that the version is 6.2.7 or higher, and test that CSRF protection is working by submitting an administration form without a valid token and confirming the server rejects it.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected admin user deletion events
  • Multiple failed login attempts followed by user deletion

Network Indicators:

  • HTTP POST requests to admin user deletion endpoints from unexpected sources
  • CSRF token validation failures

SIEM Query:

source="wingftp.log" AND (event="user_deleted" OR event="admin_deleted")
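The log and network indicators above amount to two rules: alert on every admin or user deletion, and escalate when the deletion follows a burst of failed logins from the same source. The script below is an added example of that correlation, not a Wing FTP Server component. The log line format it parses is constructed for the example (the product's real log format is not known to it), and the sample lines are constructed as well; the event names match the ones the SIEM query keys on.

```python
import re
from datetime import datetime, timedelta

# Constructed log format for this example only (not Wing FTP Server's actual log format):
# "YYYY-MM-DD HH:MM:SS event=<name> user=<actor> target=<account> src=<ip>"
LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<fields>.+)$")

# The deletion events the advisory's SIEM query keys on.
DELETION_EVENTS = {"user_deleted", "admin_deleted"}


def parse_line(line: str):
    """Turn one log line into a dict of fields with a datetime 'ts'; None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)
    fields["ts"] = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
    return fields


def detect_deletions(lines, window=timedelta(minutes=10), fail_threshold=3):
    """Alert on every admin/user deletion; escalate to high when the same source IP produced
    at least `fail_threshold` failed logins in the `window` before the deletion."""
    events = [e for e in map(parse_line, lines) if e is not None]
    alerts = []
    for ev in events:
        if ev.get("event") not in DELETION_EVENTS:
            continue
        src = ev.get("src")
        recent_failures = [
            f for f in events
            if f.get("event") == "login_failed" and f.get("src") == src
            and ev["ts"] - window <= f["ts"] < ev["ts"]
        ]
        alert = {
            "ts": ev["ts"], "actor": ev.get("user"), "target": ev.get("target"), "src": src,
            "severity": "medium", "reason": f"{ev['event']} by {ev.get('user')}",
        }
        if len(recent_failures) >= fail_threshold:
            alert["severity"] = "high"
            alert["reason"] += f"; preceded by {len(recent_failures)} failed logins from {src}"
        alerts.append(alert)
    return alerts


# Constructed sample: one deletion from the usual management host, and one deletion that
# follows a burst of failed logins from the same address. The malformed line is skipped.
SAMPLE_LOG = [
    "2024-05-01 09:00:00 event=login_ok user=admin src=10.0.0.5",
    "2024-05-01 09:05:00 event=user_deleted user=admin target=olduser src=10.0.0.5",
    "2024-05-01 14:00:01 event=login_failed user=admin src=203.0.113.9",
    "2024-05-01 14:00:03 event=login_failed user=admin src=203.0.113.9",
    "2024-05-01 14:00:05 event=login_failed user=admin src=203.0.113.9",
    "2024-05-01 14:02:00 event=login_ok user=admin src=203.0.113.9",
    "2024-05-01 14:03:00 event=admin_deleted user=admin target=backupadmin src=203.0.113.9",
    "this line is garbage and is skipped",
]

if __name__ == "__main__":
    for alert in detect_deletions(SAMPLE_LOG):
        print(alert["severity"].upper(), alert["ts"], alert["reason"])
```

Every deletion is reported at medium severity because, for a CSRF-driven deletion, the request arrives from the legitimate administrator's own browser and session and carries no failed-login prelude; the escalation rule only adds confidence when a credential-guessing pattern is present. Tune `window` and `fail_threshold` to the baseline of your own logs.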
