CRITICAL🇬🇧 English

CVE-2023-42659

CVSS 9.1v3.1pub. 2023-11-07upd. 2024-11-21

In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
  • Progress Ws Ftp Server

    APP
    Progress
    < 8.7.68.8.0 – 8.8.4 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-40044CRITICAL10.0⚠ KEVten sam produkt

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deseria...

CVE-2023-42657CRITICAL9.9ten sam produkt

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered.  An...

CVE-2024-1474HIGH7.5ten sam produkt

In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various ...

CVE-2023-40047HIGH8.3ten sam produkt

In WS_FTP Server version prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP...

CVE-2023-40045HIGH8.3ten sam produkt

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting (XSS) vulnerability ...