A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: directcyber

Published: 2024-04-22T19:21:46.408Z

Updated: 2024-08-01T20:26:57.283Z

Reserved: 2024-04-22T19:08:08.183Z

Link: CVE-2024-4040

cve-icon Vulnrichment

Updated: 2024-08-01T20:26:57.283Z

cve-icon NVD

Status : Modified

Published: 2024-04-22T20:15:07.803

Modified: 2024-11-21T09:42:05.023

Link: CVE-2024-4040

cve-icon Redhat

No data.