CVE-2023-40046

In WS_FTP Server versions prior to 8.7.4 and 8.8.2,

a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.

Published: Sep 27, 2023
Updated: Sep 28, 2023
CVE: CVE-2023-40046
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
progress / ws_ftp_server	-	8.7.4
progress / ws_ftp_server	8.8	8.8.2

https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
https://www.progress.com/ws_ftp

Vulnerability Database

289,697

CVE-2023-40046