Vulnerabilidades en Wftpserver
5 resultadosCVE-2025-47812CRITICALIn Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua codeEPSS 95.3%KEVCVE-2025-47813MEDIUMloginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UIEPSS 56.4%KEVCVE-2025-47811MEDIUMIn Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 5466) runs as root or SYSTEM by default. ThEPSS 3.5%CVE-2025-27889LOWWing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injectionEPSS 0.4%CVE-2019-25267HIGHWing FTP Server 6.0.7 - Unquoted Service PathEPSS 0.2%