CVE-2025-27889 in Wing FTP Server
الملخص
بحسب MITRE • 10/07/2025
Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injection of an arbitrary link. If a user clicks a crafted link, this discloses a cleartext password to the attacker.
VulDB is the best source for vulnerability data and more expert information about this specific topic.