CVE-2023-42657

Name of the Vulnerable Software and Affected Versions WS FTP Server versions prior to 8.7.4 and 8.8.2

Description A directory traversal vulnerability was discovered in WS FTP Server, allowing an attacker to perform file operations such as delete, rename, rmdir, and mkdir on files and folders outside of their authorized WS FTP folder path. Attackers could also escape the context of the WS FTP Server file structure and perform the same level of operations on file and folder locations on the underlying operating system.

Recommendations For WS FTP Server versions prior to 8.7.4, update to version 8.7.4 or later. For WS FTP Server versions prior to 8.8.2, update to version 8.8.2 or later. As a temporary workaround, consider restricting access to sensitive files and folders to minimize the risk of exploitation.