CVE-2023-40046
8.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
Summary
In WS_FTP Server versions prior to 8.7.4 and 8.8.2,
a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Progress Software Corporation | WS_FTP Server | 8.8.0 < 8.8.2 | affected |
| Progress Software Corporation | WS_FTP Server | 8.7.0 < 8.7.4 | affected |
Weaknesses
- CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
ADP Enrichment
CVE Program Container
Additional References
- https://www.progress.com/ws_ftp
- https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.progress.com/ws_ftp
- https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.