CVE-2022-50934

Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue.
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

14 Jan 2026, 19:16

Type Values Removed Values Added
Summary (en) Wing FTP Server versions 4.3.8 and below contain an authenticated remote code execution vulnerability that allows attackers to execute arbitrary PowerShell commands through the admin interface. Attackers can leverage a crafted Lua script payload with base64-encoded PowerShell to establish a reverse TCP shell by authenticating and sending a malicious request to the admin panel. (en) Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue.
CWE CWE-94
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : unknown
References
  • {'url': 'https://www.exploit-db.com/exploits/50720', 'source': 'disclosure@vulncheck.com'}
  • {'url': 'https://www.vulncheck.com/advisories/wing-ftp-server-authenticated-rce', 'source': 'disclosure@vulncheck.com'}
  • {'url': 'https://www.wftpserver.com/', 'source': 'disclosure@vulncheck.com'}

13 Jan 2026, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2026-01-13 23:15

Updated : 2026-01-14 19:16


NVD link : CVE-2022-50934

Mitre link : CVE-2022-50934

CVE.ORG link : CVE-2022-50934


JSON object : View

Products Affected

No product.

CWE

No CWE.