Wing Ftp Server Security Vulnerabilities and Issues — Wing Ftp Server CVE List

Lucene search

WftpserverWing Ftp Server

4 matches found

CVE•added 2025/07/10 5:15 p.m.•72 views

CVE-2025-47812

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thu...

10CVSS8.7AI score0.83375EPSS

CVE•added 2025/07/10 5:15 p.m.•14 views

CVE-2025-47813

loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.

4.3CVSS6.4AI score0.0123EPSS

CVE•added 2025/07/10 5:15 p.m.•9 views

CVE-2025-47811

In Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 5466) runs as root or SYSTEM by default. The web application itself offers several legitimate ways to execute arbitrary system commands (i.e., through the web console or the task scheduler), and they ar...

6.6CVSS9.7AI score0.83375EPSS

CVE•added 2025/07/10 5:15 p.m.•8 views

CVE-2025-27889

Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injection of an arbitrary link. If a user clicks a crafted link, this discloses a cleartext password to the attacker.

8.8CVSS7AI score0.0003EPSS