CVE-2023-40046
Published 2023-09-27
Priority: P3 · 45 · Severity: high · CVSS 3.1 base score: 7.2
CVSS 3.1 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.85% (53.7th percentile)
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| progress | ws_ftp_server | < 8.7.4 | 8.7.4 |
| progress | ws_ftp_server | >= 8.8 < 8.8.2 | 8.8.2 |
| progress_software_corporation | ws_ftp_server | >= 8.7.0 < 8.7.4 | 8.7.4 |
| progress_software_corporation | ws_ftp_server | >= 8.8.0 < 8.8.2 | 8.8.2 |
No detection rules found.
No public exploits indexed.
Tenable · blogs_tenable · 2023-10-02 · CVSS 10.0 · [CRITICAL]
CVE-2023-40044, CVE-2023-42657: Progress Software Patches Multiple Vulnerabilities in WS_FTP Server
Huntress · blogs_huntress · 2023-10-02 · CVE-2023-40044 · CVSS 6.1 · [MEDIUM]
Critical Vulnerabilities: WS_FTP Exploitation | Huntress
On Thursday, September 28, 2023, software vendor Progress released a security advisory for numerous vulnerabilities affecting the WS_FTP Server Ad Hoc Transfer Module within their WS_FTP software.
These vulnerabilities were disclosed as:
- CVE-2023-40044 (CVSS: 10)
- CVE-2023-42657 (CVSS 9.9)
- CVE-2023-40045 (CVSS 8.3)
- CVE-2023-40046 (CVSS 8.2)
- CVE-2023-40048 (CVSS 6.8)
- CVE-2022-27665 (CVSS 6.1)
- CVE-2023-40049 (CVSS 5.3)
Most notable amongst these were CVE-2023-40044 and CVE-2023-42657, both critical severity issues. Throughout this past weekend, the cybersecurity industry has been chasing CVE-2023-40044 specifically.
## What We Know So Far
As disclosed by Progress, CVE-2023-40044 is the critical (CVSS: 10) remote code execution vulnerability that does not require authentication.