← Volver a CVEs
CVE-2023-40046
HIGH8.2
Descripcion
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.
Detalles CVE
Puntuacion CVSS v3.18.2
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioNONE
Publicado9/27/2023
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
progress:ws_ftp_server
Debilidades (CWE)
CWE-89CWE-89
Referencias
https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023(security@progress.com)
https://www.progress.com/ws_ftp(security@progress.com)
https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023(af854a3a-2127-422b-91ae-364da2661108)
https://www.progress.com/ws_ftp(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.