cbcvebase.
CVE-2012-10028
published 2025-08-05

CVE-2012-10028: Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary…

PriorityP261high8.6CVSS 4.0
AVNACLATNPRHUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
0.94%
56.3th percentile
Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to `surgeftpmgr.cgi`. This can lead to full remote code execution on the underlying system.

Affected

1 ranges
VendorProductVersion rangeFixed in
netwinsurgeftp<= 23c8

Detection & IOCsextracted from sources · hover to see the quote

pathsurgeftpmgr.cgi
versionSurgeFTP 23c8
  • Monitor for authenticated POST requests targeting surgeftpmgr.cgi on the SurgeFTP web-based administrative console, which may indicate command injection attempts.
  • Exploitation requires valid credentials to the web-based administrative console; investigate any successful logins to the SurgeFTP admin panel followed by POST activity to surgeftpmgr.cgi.
  • A public Metasploit module exists for this vulnerability targeting Netwin SurgeFTP 23c8 or prior; watch for exploit framework signatures in HTTP traffic.
  • ·Exploitation is authenticated-only; the attacker must first obtain valid admin console credentials before achieving remote code execution.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.