WS_FTP Server Cross-Site Request Forgery (CSRF) Vulnerability
CVE-2023-40048
6.8MEDIUM
Summary
In WS_FTP Server version prior to 8.8.2,
the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function.
Affected Version(s)
WS_FTP Server 8.8.0
References
CVSS V3.1
Score:
6.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
Cristian Mocanu - Deloitte