Wftpserver Wing Ftp Server
5 CVEs affecting Wftpserver Wing Ftp Server. Latest disclosed: 2026-02-04. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-47812 | Critical | 10.0 | 2025-07-10 | In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session… |
CVE-2019-25267 | High | 7.8 | 2026-02-04 | Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system pr… |
CVE-2025-47813 | Medium | 4.3 | 2025-07-10 | loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie. |
CVE-2025-47811 | Medium | 4.1 | 2025-07-10 | In Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 5466) runs as root or SYSTEM by default. The web application i… |
CVE-2025-27889 | Low | 3.4 | 2025-07-10 | Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injection of an arbitrary li… |