CVE-2023-40048
published 2023-09-27


Priority: P4 (31)
Severity: medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS: 0.35% (27.0th percentile)

In WS_FTP Server versions prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function.

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| progress | ws_ftp_server | < 8.8.2 | 8.8.2 |
| progress_software_corporation | ws_ftp_server | >= 8.8.0 < 8.8.2 | 8.8.2 |