3 matches found
CVE-2025-32102
CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=telnetSocket request to the /WebInterface/function/ URI...
CVE-2024-4040
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code...
Unspecified Vulnerability in CrushFTP
CrushFTP is a cross-platform Java FTP server from the U.S. CrushFTP company . A security vulnerability exists in CrushFTP versions prior to 7.8.0 and 8.x versions prior to 8.2.0. No detailed vulnerability details are provided at this time...