EIP-2026-119453

PRE-CVE

Wing FTP Server Admin 4.4.5 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119453. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This advisory details CSRF and XSS vulnerabilities in Wing FTP Server Admin 4.4.5, allowing remote attackers to add arbitrary users via crafted URLs. The PoC demonstrates exploitation through the `domain` and `type` parameters in admin pages.

Description

Wing FTP Server Admin 4.4.5 - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP

by hyp3rlinx · textwebappswindows

https://www.exploit-db.com/exploits/36861

View Code ZIP pw:eip

This advisory details CSRF and XSS vulnerabilities in Wing FTP Server Admin 4.4.5, allowing remote attackers to add arbitrary users via crafted URLs. The PoC demonstrates exploitation through the `domain` and `type` parameters in admin pages.

Classification

Writeup 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Wing FTP Server Admin 4.4.5

No auth needed

Prerequisites: Victim interaction (clicking a malicious link) · Access to the admin interface

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026