CVE-2023-42659: WS_FTP Server Arbitrary File Upload
First published: Tue Nov 07 2023(Updated: )
In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application.
Credit: security@progress.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Progress Ws Ftp Server | <8.7.6 | |
| Progress Ws Ftp Server | >=8.8.0<8.8.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2023-42659.
What is the title of this vulnerability?
The title of this vulnerability is WS_FTP Server Arbitrary File Upload.
What is the severity rating of CVE-2023-42659?
The severity rating of CVE-2023-42659 is critical with a score of 9.1.
Which software versions are affected by CVE-2023-42659?
WS_FTP Server versions prior to 8.7.6 and versions 8.8.0 to 8.8.4 are affected by CVE-2023-42659.
How can the vulnerability be exploited?
An authenticated Ad Hoc Transfer user can craft an API call to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server.
- collector/nvd-api
- agent/weakness
- agent/severity
- agent/title
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/progress
- canonical/progress ws ftp server
- version/progress ws ftp server/8.8.0