CVE-2025-27889 in Wing FTP Serverالمعلومات

الملخص

بحسب MITRE • 10/07/2025

Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injection of an arbitrary link. If a user clicks a crafted link, this discloses a cleartext password to the attacker.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

مسؤول

MITRE

حجز

10/03/2025

إفشاء

10/07/2025

الاعتدال

تمت الموافقة

إدخال

VDB-316018

EPSS

0.00410

KEV

لا

النشاطات

منخفض جدًا

المصادر

Do you need the next level of professionalism?

Upgrade your account now!