HIGH🇬🇧 English

CVE-2023-40046

CVSS 8.2v3.1pub. 2023-09-27upd. 2024-11-21

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
  • Progress Ws Ftp Server

    APP
    Progress
    < 8.7.48.8 – 8.8.2 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2023-40044CRITICAL10.0⚠ KEVten sam produkt

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deseria...

CVE-2023-42659CRITICAL9.1ten sam produkt

In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An...

CVE-2023-42657CRITICAL9.9ten sam produkt

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered.  An...

CVE-2024-1474HIGH7.5ten sam produkt

In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various ...

CVE-2023-40045HIGH8.3ten sam produkt

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting (XSS) vulnerability ...

CVE-2023-40046 — HIGH 8.2 | CVEbaza.pl