CrushFTP Zero-Day Could Allow Attackers To Gain Complete Server Access | allinfosecnews.com

April 24, 2024, 1:50 p.m. | Guru Baran

Cyber Security News cybersecuritynews.com

CrushFTP disclosed a zero-day vulnerability (CVE-2024-4040) affecting versions below 10.7.1 and 11.1.0. The vulnerability allows remote attackers with low privileges to bypass the VFS sandbox and read arbitrary files on the underlying filesystem. It could be exploited for server-side template injection (SSTI) attacks, granting attackers complete control over the compromised CrushFTP server and allowing remote […]

The post CrushFTP Zero-Day Could Allow Attackers To Gain Complete Server Access appeared first on Cyber Security News.

access arbitrary files attackers attacks bypass compromised control crushftp cve cve-2024 cve-2024-4040 exploited files filesystem injection low privileges sandbox server server security ssti template template injection vulnerability zero-day zero-day vulnerability

More from cybersecuritynews.com / Cyber Security News

Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories) 12 hours ago | cybersecuritynews.com

attack attacks attack vectors breaches +16

Russian Hackers Exploit Outlook Flaw to Hijack Numerous Email Accounts 1 day, 12 hours ago | cybersecuritynews.com

accounts agency apt28 bear +37

Android Bug Leaks DNS Traffic to Hackers While Switching VPN Servers 1 day, 18 hours ago | cybersecuritynews.com

android android 14 bug critical +21

ShadowSyndicate Hackers Exploit Aiohttp Vulnerability To Steal Sensitive Data 2 days, 11 hours ago | cybersecuritynews.com

access aiohttp vulnerability asynchronous attackers +25

Florida Man Arrested For Selling Fake Cisco Device To U.S. Military 2 days, 11 hours ago | cybersecuritynews.com

arrested cisco computer counterfeit +25

How U.S K-12 Schools Can Solve Their Top 10 Cybersecurity Challenges – Free E-Book 2 days, 11 hours ago | cybersecuritynews.com

access book can challenges +27

AI-Based Webshell Detection Model – Detailed Overview 2 days, 11 hours ago | cybersecuritynews.com

access ai-based security attackers code +23

Critical OpenVPN Zero-Day Flaws Affecting Millions of Endpoints Across the Globe 2 days, 13 hours ago | cybersecuritynews.com

android bsd critical cyber security +23

Operation PANDORA Shutdown 12 Fake Call Centers that Steal Over €10M 2 days, 17 hours ago | cybersecuritynews.com

10 million a network call call centers +19

Security Analyst

@ Northwestern Memorial Healthcare | Chicago, IL, United States

View on infosec-jobs.com

GRC Analyst

@ Richemont | Shelton, CT, US

View on infosec-jobs.com

Security Specialist

@ Peraton | Government Site, MD, United States

View on infosec-jobs.com

Information Assurance Security Specialist (IASS)

@ OBXtek Inc. | United States

View on infosec-jobs.com

Cyber Security Technology Analyst

@ Airbus | Bengaluru (Airbus)

View on infosec-jobs.com

Vice President, Cyber Operations Engineer

@ BlackRock | LO9-London - Drapers Gardens

View on infosec-jobs.com