Vulnerability CVE-2023-42657


Published: 2023-09-27

Description:

In WS_FTP Server version 8.7.0 prior to 8.7.4 and

version 8.8.0 prior to 8.8.2, a directory traversal vulnerability was discovered.  An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path.  Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.

 References:
https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
https://www.progress.com/ws_ftp

Copyright 2026, cxsecurity.com

 

Back to Top