CVE-2023-40046
HIGH
WS_FTP Server < 8.7.4 - SQL Injection in Manager Interface
Title source: llm
Description
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.
References (2)
Core References
Product
https://www.progress.com/ws_ftp
Vendor Advisory
https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
Scores
CVSS v3
8.2
EPSS
0.0018
EPSS Percentile
38.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Products (1)
progress/ws_ftp_server
< 8.7.4
Published
Sep 27, 2023
Tracked Since
Feb 18, 2026