CVE-2025-47813: CWE-209 Generation of Error Message Containing Sensitive Information in wftpserver Wing FTP Server
Severity: mediumType: vulnerabilityCVE-2025-47813
loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.
CVE-2025-47813: CWE-209 Generation of Error Message Containing Sensitive Information in wftpserver Wing FTP Server
Medium
Published: Thu Jul 10 2025 (07/10/2025, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: wftpserver
Product: Wing FTP Server
Description
loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2025-05-10T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 686ff1d3a83201eaaca8df04
Added to database: 7/10/2025, 5:01:07 PM
Last updated: 7/10/2025, 5:01:07 PM
Views: 1
Related Threats
CVE-2025-47811: CWE-267 Privilege Defined With Unsafe Actions in wftpserver Wing FTP Server
MediumVulnerabilityThu Jul 10 2025
CVE-2025-27889: CWE-15 External Control of System or Configuration Setting in wftpserver Wing FTP Server
LowVulnerabilityThu Jul 10 2025
CVE-2025-23048: CWE-284 Improper Access Control in Apache Software Foundation Apache HTTP Server
UnknownVulnerabilityThu Jul 10 2025
CVE-2025-7409: SQL Injection in code-projects Mobile Shop
MediumVulnerabilityThu Jul 10 2025
CVE-2025-49464: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Zoom Communications Inc. Zoom Clients for Windows
MediumVulnerabilityThu Jul 10 2025
Actions
Please log in to the Console to use AI analysis features.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.