Main Vulnerability Database Exploits ID:10209 - Exploit for External Control of File Name or Path in CrushFTP - CVE-2024-4040

ID:10209 - Exploit for External Control of File Name or Path in CrushFTP - CVE-2024-4040

Published: July 12, 2024

Vulnerability identifier: #VU88869

Vulnerability risk: High

CVE-ID: CVE-2024-4040

CWE-ID: CWE-73

Exploitation vector: Remote access

Vulnerable software:
CrushFTP

Link to public exploit:

https://github.com/entroychang/CVE-2024-4040

Vulnerability description

The vulnerability allows a remote user to delete arbitrary files.

The vulnerability exists due to application allows to access files outside of the virtual file system. A remote authenticated user can read arbitrary system files.

Note, the vulnerability is being exploited in the wild.

Remediation

Install updates from vendor's website.

ID:10209 - Exploit for External Control of File Name or Path in CrushFTP - CVE-2024-4040

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human