CISA flags Wing FTP Server flaw as actively exploited in attacks

CISA warned U.S. government agencies to secure their Wing FTP Server instances against an actively exploited vulnerability that may be chained in remote code execution attacks.
SecurityWeek

CISA Flags Year-Old Wing FTP Vulnerability as Exploited

CISA warns that a Wing FTP vulnerability leading to the disclosure of the full local installation path has been exploited in attacks.

Federal agencies urged to patch Wing FTP Server flaw following CISA warning

A vulnerability was added to the database, and it was found to be exploited in the wild.
GitHub

Cross-origin-HTTP-server.ino

return ""; // if not handeled above then let the HTTP server send the reply itself (server files stored in /var/www/html directory or send 404 reply) ...