CrushFTP < 10.8.5 / 11.x < 11.3.4_23 Race Condition
CrushFTP versions prior to 10.8.5 and 11.x versions prior to 11.3.423 are vulnerable to a race condition that could allow an unauthenticated remote attacker to access unauthorized endpoints through a specially crafted request. This issue is due to improper handling of concurrent requests. An...