WS_FTP Server SQL Injection via Administrative Interface
CVE-2023-40046

8.2HIGH

Key Information:

Vendor: Progress Software
Status: Ws Ftp Server
Vendor: CVE Published:; 27 September 2023

Summary

In WS_FTP Server versions prior to 8.7.4 and 8.8.2,

a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.

Affected Version(s)

WS_FTP Server 8.8.0

WS_FTP Server 8.8.0 < 8.8.2

WS_FTP Server 8.7.0 < 8.7.4

References

https://www.progress.com/ws_ftp

product

https://community.progress.com/s/article/WS-FTP-Server-Cr...

vendor-advisory

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Aug 8, 2023

Collectors

NVD DatabaseMitre Database