CVE-2023-40046

Summary

In WS_FTP Server versions prior to 8.7.4 and 8.8.2,

a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.

Affected Software

VendorProductVersion RangeStatus
Progress Software CorporationWS_FTP Server8.8.0 < 8.8.2affected
Progress Software CorporationWS_FTP Server8.7.0 < 8.7.4affected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References