Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injection of an arbitrary link. If a user clicks a crafted link, this discloses a cleartext password to the attacker.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
Vulnerability Type
系统设置或配置在外部可控制
Vulnerability Title
多款产品安全漏洞
Vulnerability Description
Wing FTP Server是Wing FTP Server开源的一套跨平台的FTP服务器软件。 Wing FTP Server 7.4.4之前版本存在安全漏洞,该漏洞源于未正确验证和清理downloadpass.html端点的url参数,可能导致明文密码泄露。
CVSS Information
N/A
Vulnerability Type
N/A