CVE-2024-4040 [CRITICAL] :

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.

Hacking Notes

learn

This repo offers notes and resources on ethical hacking, covering information gathering, scanning, web hacking, exploitation, and Windows/Linux hacking.

https://www.hacking-notes.com/

Listed: Wed May 01 2024