Security Advisory

CVE-2012-10028

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-05 20:04:20

Last updated 2026-05-15 11:13:55

Assigner VulnCheck

State PUBLISHED

Description

Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to `surgeftpmgr.cgi`. This can lead to full remote code execution on the underlying system.

← Browse all CVEs View on cve.org ↗