all InfoSec news
Patch Now! CrushFTP Zero-day Lets Attackers Download System Files
Heimdal Security Blog heimdalsecurity.com
CrushFTP urges customers to patch servers with new versions due to discovering zero-day. The CrushFTP zero-day vulnerability is tracked tracked CVE-2024-4040 and enables hackers to escape VFS and download system files. Its CVSS is 9.8, which is critical. CrushFTP zero-day explained CrushFTP is vulnerable to a server-side template injection issue that affects versions before 10.7.1 […]
The post Patch Now! CrushFTP Zero-day Lets Attackers Download System Files appeared first on Heimdal Security Blog.
attackers critical crushftp customers cve cve-2024 cve-2024-4040 cvss cybersecurity news download escape explained files hackers injection issue patch server servers system template template injection vulnerability vulnerable zero-day zero-day vulnerability