Lucene search
3A3CA30D-8913-5CF8-95E0-D013DA9AF57EHistoryJul 05, 2024 - 5:46 a.m.
Exploit for Improper Neutralization of Special Elements Used in a Template Engine in Crushftp
2024-07-0505:46:56
128
exploit
code injection
crushftp
rce
testdb
user management
permissions
malicious jar.
CVSS3
10
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
10
Confidence
High
EPSS
0.965
Percentile
99.6%
CVE-2024-4040
前言
- 最近看到這個漏洞覺得還挺有趣,拜讀了以下文章並且稍微寫了一下 exploit…
This is an article that belongs to githubexploit private collection.
Please sign in to get more Information.
Related
githubexploit
githubexploit
attackerkb
attackerkb
CVE-2024-4040
2024-04-22 00:00:00
CVE-2023-43177
2023-11-18 00:00:00
nvd
nvd
CVE-2023-43177
2023-11-18 00:15:07
CVE-2024-4040
2024-04-22 20:15:07
cve
cve
CVE-2023-43177
2023-11-18 00:15:07
CVE-2024-4040
2024-04-22 20:15:07
nuclei
nuclei
CrushFTP < 10.5.1 - Unauthenticated Remote Code Execution
2023-12-12 09:13:40
CrushFTP VFS - Sandbox Escape LFR
2024-04-23 11:49:51
cvelist
cvelist
CVE-2023-43177
2023-11-17 00:00:00
vulnrichment
vulnrichment
CVE-2023-43177
2023-11-17 00:00:00
packetstorm
packetstorm
CrushFTP Remote Code Execution
2024-04-15 00:00:00
CrushFTP Unauthenticated Arbitrary File Read
2024-08-31 00:00:00
metasploit
metasploit
CrushFTP Unauthenticated RCE
2024-03-25 11:41:24
CrushFTP Unauthenticated Arbitrary File Read
2024-04-30 16:43:37
prion
prion
Design/Logic Flaw
2023-11-18 00:15:00
zdt
zdt
CrushFTP Remote Code Execution Exploit
2024-04-15 00:00:00
nessus
nessus
CrushFTP < 10.7.1 / 11.x < 11.1.0 Sandbox Escape (CVE-2024-4040)
2024-04-24 00:00:00
thn
thn
Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks
2024-04-20 05:18:00
Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches
2023-11-25 04:00:00
cisa_kev
cisa_kev
CrushFTP VFS Sandbox Escape Vulnerability
2024-04-24 00:00:00
rapid7blog
rapid7blog
Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise
2024-04-23 15:26:06
Metasploit Wrap-Up 05/10/2024
2024-05-10 20:12:01
Metasploit Weekly Wrap-Up 04/19/24
2024-04-19 18:42:39
wizblog
wizblog
CVE-2024-4040 exploited in the wild: everything you need to know
2024-04-24 16:15:18
qualysblog
qualysblog
CrushFTP Zero-Day Exploitation Due to CVE-2024-4040
2024-04-30 18:45:58
CVSS3
10
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
10
Confidence
High
EPSS
0.965
Percentile
99.6%
Related for 3A3CA30D-8913-5CF8-95E0-D013DA9AF57E