Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Exploit for Improper Neutralization of Special Elements Used in a Template Engine in Crushftp

🗓️ 25 Apr 2024 19:38:51Type 
githubexploit
 githubexploit👁 311 Views

Proof of concept for Server Side Template Injection (SSTI) & Local File Inclusion (LFI) in CrushFTP. Automates vulnerability detection and exploitation. Enables cookie stealing from authenticated sessions, leading to account or server takeover. VFS sandbox escape. Affects versions below 10.7.1 and 11.1.0.

Show more
Related
ReporterTitlePublishedViews
Family
The Hacker News		Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks
20 Apr 202405:18
thn
Vulnrichment		CVE-2024-4040 Unauthenticated arbitrary file read and remote code execution in CrushFTP
22 Apr 202419:21
vulnrichment
GithubExploit		Exploit for Improper Neutralization of Special Elements Used in a Template Engine in Crushftp
23 Apr 202409:31
githubexploit
GithubExploit		Exploit for Improper Neutralization of Special Elements Used in a Template Engine in Crushftp
25 Apr 202404:01
githubexploit
GithubExploit		Exploit for Improper Neutralization of Special Elements Used in a Template Engine in Crushftp
25 Apr 202419:51
githubexploit
GithubExploit		Exploit for Improper Neutralization of Special Elements Used in a Template Engine in Crushftp
13 May 202417:33
githubexploit
GithubExploit		Exploit for Code Injection in Crushftp
23 Apr 202423:16
githubexploit
GithubExploit		Exploit for Improper Neutralization of Special Elements Used in a Template Engine in Crushftp
25 Apr 202405:18
githubexploit
GithubExploit		Exploit for Improper Neutralization of Special Elements Used in a Template Engine in Crushftp
3 May 202423:29
githubexploit
GithubExploit		Exploit for Improper Neutralization of Special Elements Used in a Template Engine in Crushftp
29 Apr 202410:21
githubexploit
Rows per page

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
25 Apr 2024 19:51Current
9.9High risk
Vulners AI Score9.9
CVSS39.8 - 10
EPSS0.96635
crushftpexploitsstilfiautomationauthenticationbypassingvulnerabilitydetectionexploitationcookie stealingsession tokensvfs sandbox escapeserver takeoveraccount takeovercve-2024-4040shodan dorkrapid7 analysisethicaleducational
311
.json
Report