Title: Multiple CSRF on WS_FTP lead to RCE
CVE ID: CVE-2022-36968
CVSSv3 Base Score: 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
Products: WS_FTP Server
Advisory Release Date: 08-02-22
Advisory URL: https://labs.integrity.pt/advisories/cve-2022-36968
Credits: Discovery by Guilherme Santos (rondons) <guilherme.santos[at]devoteam.com> & Caio Farias (g3n3) <caio.farias[at]devoteam.com>
In WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery attacks. This includes the ability to modify or upload scripts that run when the software is started or when a user logs in (or fails to log in), leading to Remote Code Execution.
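As an added illustration of the missing control (example code, not WS_FTP Server's own), the pre-fix handler pattern is shown beside one that binds a per-session nonce to the administrative form and checks it on submission; the session and form structures are assumptions.

```python
import hmac
import secrets

# Minimal model of a server-side session and an admin form handler,
# constructed for this example (not WS_FTP Server code).
TOKEN_FIELD = "csrf_token"


def new_session() -> dict:
    """Create an authenticated session with a fresh, unguessable anti-CSRF nonce."""
    return {"user": "admin", TOKEN_FIELD: secrets.token_urlsafe(32)}


def render_form(session: dict) -> dict:
    """Hidden fields a same-origin form carries: the nonce is copied from the
    session so the browser submits it back with the request body."""
    return {TOKEN_FIELD: session[TOKEN_FIELD]}


def apply_update(form: dict) -> None:
    """Placeholder for the privileged state change (e.g. editing a startup script)."""
    pass


def handle_update_vulnerable(session: dict, form: dict) -> bool:
    """Pre-fix pattern: only the ambient session is checked. A request
    triggered from another origin still carries the victim's cookie, so it is
    accepted even though nothing proves this application issued the form."""
    if session.get("user") != "admin":
        return False
    apply_update(form)
    return True


def handle_update_fixed(session: dict, form: dict) -> bool:
    """Hardened pattern: require the per-session nonce in the POST body and
    compare it in constant time. Another origin cannot read the nonce because
    of the same-origin policy, so it cannot supply a matching value."""
    if session.get("user") != "admin":
        return False
    expected = session.get(TOKEN_FIELD, "")
    supplied = form.get(TOKEN_FIELD, "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False
    apply_update(form)
    return True
```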