Details and PoC for that WS_FTP 10.0 CVSS vulnerability (CVE-2023-40044):

https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044

Exploitation requires an HTTPS POST request.

There are currently more than 550 WS_FTP servers connected to the internet, according to Shodan.

This is very bad!