PT-2023-6494 · Ipswitch · Ws Ftp Server

Published 2023-09-27 · Updated 2023-09-28 · CVE-2023-40046

CVSS v2.0: 8.3 (High)

Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

WS FTP Server versions prior to 8.7.4
WS FTP Server versions prior to 8.8.2

Description

A SQL injection vulnerability exists in the WS FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.

Recommendations

For WS FTP Server versions prior to 8.7.4, update to version 8.7.4 or later. For WS FTP Server versions prior to 8.8.2, update to version 8.8.2 or later. As a temporary workaround, consider restricting access to the WS FTP Server manager interface until a patch is available.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2023-07240
CVE-2023-40046

Affected Products

Ws Ftp Server