Unrated severityNVD Advisory· Published Aug 28, 2024· Updated Aug 28, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Progress WS_FTP Server
CVE-2024-7744
Description
In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal.
An authenticated file download flaw has been identified where a user can craft an API call that allows them to download a file from an arbitrary folder on the drive where that user host's root folder is located (by default this is C:)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <8.8.8
- Progress Software Corporation/WS_FTP Serverv5Range: 0
Patches
Vulnerability mechanics
References
2- community.progress.com/s/article/WS-FTP-Server-Service-Pack-August-2024mitrevendor-advisory
- www.progress.com/ftp-servermitreproduct
News mentions
0No linked articles in our index yet.