Full title: Wing FTP Server Authenticated Command Execution Exploit 
Category: remote exploits
Platform: multiple
This Metasploit module exploits the embedded Lua interpreter in the admin web interface for versions 4.3.8 and below. When supplying a specially crafted HTTP POST request an attacker can use os.execute() to execute arbitrary system commands on the target with SYSTEM privileges.

# 0day.today @ http://0day.today/