CVE-2012-10028

Netwin SurgeFTP <= v23c8 Authenticated RCE

Description

Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to `surgeftpmgr.cgi`. This can lead to full remote code execution on the underlying system.

INFO

Published Date :

2025-08-05T20:04:20.181Z

Last Modified :

2025-08-07T15:49:58.666Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2012-10028 vulnerability.

Vendors	Products
Netwin	Surgeftp

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2012-10028.

URL	Resource
https://netwinsite.com/surgeftp/
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/netwin_surgeftp_exec.rb
https://www.exploit-db.com/exploits/23522
https://www.exploit-db.com/exploits/23601
https://www.vulncheck.com/advisories/netwin-surgeftp-auth-rce

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability