Shodan
Vulnerabilities
Vulnerable Software
Progress:  >> Ws Ftp Server  >> 8.7.6  Security Vulnerabilities
CVE-2024-7744
In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal.   An authenticated file download flaw has been identified where a user can craft an API call that allows them to download a file from an arbitrary folder on the drive where that user host's root folder is located (by default this is C:)
CVSS Score
6.5
EPSS Score
0.002
Published
2024-08-28
CVE-2024-7745
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-08-28
CVE-2024-1474
In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WS_FTP Server administrative interface.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-02-21
CVE-2023-40049
In WS_FTP Server version prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing.
CVSS Score
5.3
EPSS Score
0.004
Published
2023-09-27
CVE-2023-40048
In WS_FTP Server version prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function.
CVSS Score
6.8
EPSS Score
0.005
Published
2023-09-27
CVE-2023-40047
In WS_FTP Server version prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Management module. An attacker with administrative privileges could import a SSL certificate with malicious attributes containing cross-site scripting payloads.  Once the cross-site scripting payload is successfully stored,  an attacker could leverage this vulnerability to target WS_FTP Server admins with a specialized payload which results in the execution of malicious JavaScript within the context of the victims browser.
CVSS Score
8.3
EPSS Score
0.0
Published
2023-09-27
CVE-2023-24029
In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-02-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved