CVE-2020-9470

HIGH

Wing FTP Server < 6.2.5 - Session Cookie Exposure via Insecure Directory Permissions


Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-9470. PoCs published by Al1ex.

AI-analyzed exploit summary: This repository contains a functional privilege escalation exploit for Wing FTP Server 6.2.5 (CVE-2020-9470). The exploit steals an admin session, modifies it to bypass IP restrictions, and uses the admin's session to execute Lua commands that set a SUID bit on a backdoor binary, leading to root access.

Description

An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, a local user may view the contents of the session and session_admin directories, which expose active session cookies within the Wing FTP HTTP interface and administration panel. These cookies may be used to hijack user and administrative sessions, including the ability to execute Lua commands as root within the administration panel.

Exploits (1)

nomisec · Working PoC
by Al1ex · poc
https://github.com/Al1ex/CVE-2020-9470


Classification
Working PoC 100%
Attack Type
LPE
Complexity
Moderate
Reliability
Reliable
Target: Wing FTP Server v6.2.5 and prior
No auth needed
Prerequisites: Local access to the system · An active admin session to steal
devstral-2 · analyzed Feb 18, 2026

References (1)

Core References (1)
Exploit, Third Party Advisory (x_refsource_misc)
https://www.hooperlabs.xyz/disclosures/cve-2020-9470.php

Scores

CVSS v3 7.8
EPSS 0.0058
EPSS Percentile 43.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-732
Status published
Products (1)
wftpserver/wing_ftp_server < 6.2.5
Published Mar 07, 2020
Tracked Since Feb 18, 2026