CVE-2023-40046 HIGH

CVE-2023-40046: WS_FTP Server SQL Injection via Administrative Interface

Vendor: Progress Software Corporation
Product: WS_FTP Server
Weakness: CWE-89 · SQLi
Published: September 27, 2023
Last update: September 23, 2024

CVSS base score

8.2/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L

What the vulnerability does

01 Description

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.

Key dates

02 Disclosure timeline

September 27, 2023: CVE published
September 23, 2024: Record updated