CrushFTP Zero-Day Could Allow Attackers To Gain Complete Server Access | allinfosecnews.com

April 24, 2024, 1:50 p.m. | Guru Baran

Cyber Security News cybersecuritynews.com

CrushFTP disclosed a zero-day vulnerability (CVE-2024-4040) affecting versions below 10.7.1 and 11.1.0. The vulnerability allows remote attackers with low privileges to bypass the VFS sandbox and read arbitrary files on the underlying filesystem. It could be exploited for server-side template injection (SSTI) attacks, granting attackers complete control over the compromised CrushFTP server and allowing remote […]

The post CrushFTP Zero-Day Could Allow Attackers To Gain Complete Server Access appeared first on Cyber Security News.

access arbitrary files attackers attacks bypass compromised control crushftp cve cve-2024 cve-2024-4040 exploited files filesystem injection low privileges sandbox server server security ssti template template injection vulnerability zero-day zero-day vulnerability

More from cybersecuritynews.com / Cyber Security News

LATRODECTUS Loader Getting Popular Among Cybercriminals, Is It Replacing ICEDID! an hour ago | cybersecuritynews.com

bypass code cybercriminals cyber security +26

30+ Tesla Cars Hacked Using Third-Party Software 1 day, 11 hours ago | cybersecuritynews.com

access cars collect cyber security +23

How to Use Threat Intelligence Feeds for SOC/DFIR Teams 1 day, 12 hours ago | cybersecuritynews.com

block can compromise cyber security +28

YARA, the Malware Researchers Toolbox Evolved 1 day, 15 hours ago | cybersecuritynews.com

big bugs can cyber security +13

SugarGh0st RAT Attacking Organizations & Individuals in AI Research 1 day, 17 hours ago | cybersecuritynews.com

access ai research attack businesses +21

New Cyber Attack Targeting Facebook Business Accounts 1 day, 17 hours ago | cybersecuritynews.com

accounts ads attack business +28

CISA Reveals Guidance For Implementation of Encrypted DNS Protocols 1 day, 20 hours ago | cybersecuritynews.com

advice agency budget cisa +23

Two Brothers Arrested for Attacking Blockchain & Stealing $25M 1 day, 21 hours ago | cybersecuritynews.com

arrested blockchain boston charged +17

Microsoft to Mandate Multi-Factor Authentication for All Azure Users 1 day, 21 hours ago | cybersecuritynews.com

authentication azure big cloud +12

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Sr. Staff Firmware Engineer – Networking & Firewall

@ Axiado | Bengaluru, India

View on infosec-jobs.com

Compliance Architect / Product Security Sr. Engineer/Expert (f/m/d)

@ SAP | Walldorf, DE, 69190

View on infosec-jobs.com

SAP Security Administrator

@ FARO Technologies | EMEA-Portugal

View on infosec-jobs.com