CVE-2012-10028

HIGH

Netwin SurgeFTP <23c8 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-10028. PoCs published by Metasploit, Spencer McIntyre, Spencer McIntyre, sinn3r, including Metasploit module exploits/multi/http/netwin_surgeftp_exec.

AI-analyzed exploit summary This Metasploit module exploits a remote command execution vulnerability in Netwin SurgeFTP by authenticating to the web-based administrative console and sending a crafted POST request to execute arbitrary commands via the 'authent_process' parameter.

Description

Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to `surgeftpmgr.cgi`. This can lead to full remote code execution on the underlying system.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotemultiple
https://www.exploit-db.com/exploits/23601

This Metasploit module exploits a remote command execution vulnerability in Netwin SurgeFTP by authenticating to the web-based administrative console and sending a crafted POST request to execute arbitrary commands via the 'authent_process' parameter.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Netwin SurgeFTP version 23c8 or prior
Auth required
Prerequisites: Valid credentials for the web-based administrative console · Network access to the SurgeFTP administrative interface (port 7021 by default)
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Spencer McIntyre · rubyremotemultiple
https://www.exploit-db.com/exploits/23522

This Metasploit module exploits a command injection vulnerability in SurgeFTP's web-based administrative console by sending a crafted POST request to the `/cgi/surgeftpmgr.cgi` endpoint with an arbitrary command embedded in the `authent_process` parameter.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: SurgeFTP
Auth required
Prerequisites: Valid admin credentials for SurgeFTP · Access to the SurgeFTP administrative console
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit WORKING POC GOOD
by Spencer McIntyre, sinn3r · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/netwin_surgeftp_exec.rb

This Metasploit module exploits a vulnerability in Netwin SurgeFTP (version 23c8 or prior) to achieve remote command execution. It leverages authenticated access to the web-based administrative console to execute arbitrary commands via the `surgeftpmgr.cgi` endpoint.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Netwin SurgeFTP <= 23c8
Auth required
Prerequisites: Valid credentials for the web-based administrative console · Network access to the target's HTTP management interface (port 7021)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v4 8.6
EPSS 0.0094
EPSS Percentile 56.1%
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-78
Status published
Products (1)
Netwin/SurgeFTP < 23c8
Published Aug 05, 2025
Tracked Since Feb 18, 2026