This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: `loginok.html` leaks the local installation path via an error message. π₯ **Consequences**: Information Disclosure (CWE-209).β¦
π‘οΈ **Root Cause**: Improper validation of the `UID` session cookie. π **Flaw**: Supplying an overlong `UID` value triggers a server error that exposes the full local filesystem path.
Q3Who is affected? (Versions/Components)
π¦ **Affected**: Wing FTP Server. π **Versions**: All versions **prior to 7.4.4**. π’ **Vendor**: wftpserver.
π **Public Exp**: Yes. π§ͺ **PoC**: Available via Nuclei templates (projectdiscovery). π **Link**: `http/cves/2025/CVE-2025-47813.yaml`. π **Wild Exp**: Low complexity, but auth required.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Send a malformed/overlong `UID` cookie to `/loginok.html`. π **Indicator**: Look for error responses containing the full local filesystem path.
Q8Is it fixed officially? (Patch/Mitigation)
π οΈ **Fixed**: Yes. β **Patch**: Upgrade to **Wing FTP Server 7.4.4** or later. π **Published**: 2025-07-10.
Q9What if no patch? (Workaround)
π§ **No Patch?**: Restrict access to `/loginok.html`. π **Mitigation**: Ensure strict input validation for `UID` cookies. π **Block**: Limit network exposure if possible.
Q10Is it urgent? (Priority Suggestion)
π₯ **Urgency**: High Priority. π **CVSS**: 5.3 (Medium). β‘ **Reason**: Authenticated info disclosure is a stepping stone to RCE. Patch immediately to prevent chaining attacks.