CVE-2023-42659

In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application.

Published: Nov 7, 2023
Updated: Nov 15, 2023
CVE: CVE-2023-42659
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
progress / ws_ftp_server	8.8.0	8.8.4
progress / ws_ftp_server	-	8.7.6

https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2023
https://www.progress.com/ws_ftp

Vulnerability Database

289,697

CVE-2023-42659