Exploit for WingFTP username null byte command execution

Name: Exploit for WingFTP username null byte command execution
Rating: 5 (1 reviews)

2025-07-02 | CVSS 0.0

## https://sploitus.com/exploit?id=SAINT:1B7EA17668B9D2C42A67B18D64E7011A
Added: 07/02/2025  


### Background

Wing FTP Server is free FTP server software for Windows, Linux, and Mac OS. 

### Problem

A command injection vulnerability allows a remote unauthenticated attacker to execute arbitrary commands by sending a username with a null byte in a login request. 

### Resolution

Upgrade to Wing FTP Server 7.4.4 or higher. 

### References

https://packetstorm.news/files/id/204946/