CVE-2023-40046: WS_FTP Server SQL Injection via Administrative Interface
First published: Wed Sep 27 2023(Updated: )
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.
Credit: security@progress.com security@progress.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Progress Ws Ftp Server | <8.7.4 | |
| Progress Ws Ftp Server | >=8.8<8.8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-40046?
CVE-2023-40046 is a SQL injection vulnerability in WS_FTP Server versions prior to 8.7.4 and 8.8.2.
How does the SQL injection vulnerability in WS_FTP Server work?
The SQL injection vulnerability in WS_FTP Server allows an attacker to execute SQL statements that can alter or delete database elements.
What is the severity of CVE-2023-40046?
The severity of CVE-2023-40046 is high with a CVSS score of 7.2.
What software versions are affected by CVE-2023-40046?
WS_FTP Server versions prior to 8.7.4 and 8.8.2 are affected by CVE-2023-40046.
How can I fix CVE-2023-40046?
To fix CVE-2023-40046, update WS_FTP Server to version 8.7.4 or 8.8.2 depending on your current version.
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/type
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/title
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- vendor/progress
- canonical/progress ws ftp server
- version/progress ws ftp server/8.8