WS_FTP Server SQL Injection via Administrative Interface
CVE-2023-40046

8.2HIGH

Key Information:

Vendor: Progress Software
Status: Ws Ftp Server
Vendor: CVE Published:; 27 September 2023

Summary

A SQL injection vulnerability in the WS_FTP Server manager interface allows attackers to potentially infer the structure and content of the underlying database. By exploiting this weakness, an unauthorized party may gain the ability to execute arbitrary SQL statements, leading to unauthorized alteration or deletion of database elements. Users of WS_FTP Server versions before 8.7.4 and 8.8.2 are advised to upgrade to mitigate these risks.

Affected Version(s)

WS_FTP Server 8.8.0

WS_FTP Server 8.8.0 < 8.8.2

WS_FTP Server 8.7.0 < 8.7.4

References

https://www.progress.com/ws_ftp

product

https://community.progress.com/s/article/WS-FTP-Server-Cr...

vendor-advisory

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Aug 8, 2023