A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: directcyber
Published: 2024-04-22T19:21:46.408Z
Updated: 2024-08-01T20:26:57.283Z
Reserved: 2024-04-22T19:08:08.183Z
Link: CVE-2024-4040
Vulnrichment
Updated: 2024-08-01T20:26:57.283Z
NVD
Status : Modified
Published: 2024-04-22T20:15:07.803
Modified: 2024-11-21T09:42:05.023
Link: CVE-2024-4040
Redhat
No data.