4 matches found
CVE-2025-27889
Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injection of an arbitrary link. If a user clicks a crafted link, this discloses a cleartext password to the attacker...
CVE-2025-27889
Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injection of an arbitrary link. If a user clicks a crafted link, this discloses a cleartext password to the attacker...
CVE-2025-27889
Technical details for CVE-2025-27889 are not provided in the connected documents; the supplied materials focus on CVE-2025-47812 and lack specifics (product/version/impact) for CVE-2025-27889. Monitor for updates.
CVE-2025-27889
Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injection of an arbitrary link. If a user clicks a crafted link, this discloses a cleartext password to the attacker...