Title: Local Privilege Escalation via Serv-U FTP Server
Discovery: Chris Moberly on behalf of The Missing Link Security
The Serv-U FTP Server is vulnerable to authentication bypass leading to privilege escalation in Windows operating environments due to broken access controls. This can only be exploited by users who already have local access to the Serv-U server.
Vulnerable version: 126.96.36.199 and earlier
Fixed in: 15.1.7