Exploit for #VU88869 External Control of File Name or Path in CrushFTP
Vulnerability identifier: #VU88869
Vulnerability risk: High
CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-73
Exploitation vector: Network
Exploits in database: 6
- May 13, 2024
- CVE-2024-4040 [Github]
- CVE-2024-4040-SSTI-LFI-PoC [Github]
- CVE-2024-4040 (Exploit CrushFTP CVE-2024-4040) [Github]
- May 7, 2024
- CrushFTP Unauthenticated Arbitrary File Read [Metasploit]
- April 26, 2024
- CVE-2024-4040 [Github]
- CVE-2024-4040-SSTI-LFI [Github]
Impact: Information disclosure
Vulnerable software:
CrushFTP
Server applications /
File servers (FTP/HTTP)
Vendor:
