CVE ID : CVE-2025-27889
Published : July 10, 2025, 5:15 p.m. | 2 hours, 3 minutes ago
Description : Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injection of an arbitrary link. If a user clicks a crafted link, this discloses a cleartext password to the attacker.
Severity: 3.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Source: Read More
