In WS_FTP Server version 8.7.0 prior to 8.7.4 and ...
High severity
Unreviewed
Published
Sep 27, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Sep 27, 2023
Published to the GitHub Advisory Database
Sep 27, 2023
Last updated
Apr 4, 2024
In WS_FTP Server version 8.7.0 prior to 8.7.4 and
version 8.8.0 prior to 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.
References