
CVE-2024-4040

22 Apr 2024 19:21:46 | Reported by directcyber | Type: cve | web.nvd.nist.gov

CrushFTP VFS Sandbox Escape CVE-2024-4040

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| GithubExploit | Exploit for Code Injection in Crushftp | 25 Apr 2024 19:51 | githubexploit |
| GithubExploit | Exploit for Code Injection in Crushftp | 1 May 2024 14:42 | githubexploit |
| GithubExploit | Exploit for Code Injection in Crushftp | 25 Apr 2024 05:18 | githubexploit |
| GithubExploit | Exploit for Code Injection in Crushftp | 5 Jul 2024 05:46 | githubexploit |
| GithubExploit | Exploit for Code Injection in Crushftp | 8 May 2026 08:36 | githubexploit |
| GithubExploit | Exploit for Code Injection in Crushftp | 25 Apr 2024 04:45 | githubexploit |
| GithubExploit | Exploit for Code Injection in Crushftp | 25 Apr 2024 19:51 | githubexploit |
| GithubExploit | Exploit for Code Injection in Crushftp | 25 Apr 2024 19:51 | githubexploit |
| GithubExploit | Exploit for Code Injection in Crushftp | 30 Sep 2024 16:18 | githubexploit |
| GithubExploit | Exploit for Path Traversal in Lakernote Easyadmin | 4 Jul 2025 14:30 | githubexploit |
NVD
Node
crushftp crushftp, Range 10.0.0 - 10.7.1
OR
crushftp crushftp, Range 11.0.0 - 11.1.0
[
  {
    "collectionURL": "https://www.crushftp.com/download.html",
    "defaultStatus": "affected",
    "product": "CrushFTP",
    "vendor": "CrushFTP",
    "versions": [
      {
        "lessThan": "10.7.1",
        "status": "affected",
        "version": "10.0",
        "versionType": "semver"
      },
      {
        "lessThan": "11.1.0",
        "status": "affected",
        "version": "11.0",
        "versionType": "semver"
      }
    ]
  }
]
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| path | request body | WebInterface/function/ | Server-side template injection via path parameter in CrushFTP API function/ enabling arbitrary file read/execution | CWE-1336, CWE-94 |
| command | request body | WebInterface/function/ | Server-side template injection via path parameter in CrushFTP API function/ enabling arbitrary file read/execution | CWE-1336, CWE-94 |
| names | request body | WebInterface/function/ | Server-side template injection via path parameter in CrushFTP API function/ enabling arbitrary file read/execution | CWE-1336, CWE-94 |
| c2f | request body | WebInterface/function/ | Server-side template injection via path parameter in CrushFTP API function/ enabling arbitrary file read/execution | CWE-1336, CWE-94 |


17 Jun 2026 08:00 (Current)
Vulners AI Score: 8.7 (High risk)
CVSS 3.1: 9.8 - 10
EPSS: 0.99539