In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.
Published: 2023-10-02
Progress Software patches multiple flaws in its WS_FTP Server product, including a pair of critical flaws, one with a maximum CVSS rating of 10
https://therecord.media/progress-new-file-transfer-vulnerability
https://www.theregister.com/2023/10/02/ws_ftp_update/
https://www.progress.com/ws_ftp
https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
https://censys.com/cve-2023-40044/