Securiti Blog
Stay Ahead in Data Security, Gavernance, Privacy and Compliance. Explore expert insights on governance and data privacy at our blog. Stay informed with our thought-provoking articles, news, and industry updates.
Listed:
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.