CVE-2024-4040
Description
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
Severity: CRITICAL
CVE ID: CVE-2024-4040
CVSS Score: 10.0
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL
CVE ID: CVE-2024-4040
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
airbus-cert
Scanner for CVE-2024-4040
Refrence: GitHub
tr4c3rs
CVE-2024-4040 (CrushFTP VFS escape) or (CrushFTP unauthenticated RCE)
Refrence: GitHub
tucommenceapousser
Scanner of vulnerability on crushftp instance
Refrence: GitHub
rbih-boulanouar
Refrence: GitHub
Mufti22
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
Refrence: GitHub
Stuub
CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support
Refrence: GitHub