CrushFTP Zero-Day Could Allow Attackers To Gain Complete Server Access
Cyber Security News cybersecuritynews.com
CrushFTP disclosed a zero-day vulnerability (CVE-2024-4040) affecting versions below 10.7.1 and 11.1.0. The vulnerability allows remote attackers with low privileges to bypass the VFS sandbox and read arbitrary files on the underlying filesystem. It could be exploited for server-side template injection (SSTI) attacks, granting attackers complete control over the compromised CrushFTP server and allowing remote […]