First published: Tue Nov 07 2023(Updated: )
In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application.
Credit: security@progress.com
Affected Software | Affected Version | How to fix |
---|---|---|
Progress Ws Ftp Server | <8.7.6 | |
Progress Ws Ftp Server | >=8.8.0<8.8.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-42659.
The title of this vulnerability is WS_FTP Server Arbitrary File Upload.
The severity rating of CVE-2023-42659 is critical with a score of 9.1.
WS_FTP Server versions prior to 8.7.6 and versions 8.8.0 to 8.8.4 are affected by CVE-2023-42659.
An authenticated Ad Hoc Transfer user can craft an API call to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server.