Lucene search
K

8 matches found

GithubExploit
GithubExploit
added 2024/05/03 11:29 p.m.331 views

Exploit for Code Injection in Crushftp

CVE-2024-4040 A server side template injection vulnerability i...

10CVSS8.9AI score0.99539EPSS
Exploits22
GithubExploit
GithubExploit
added 2024/04/30 1:27 p.m.383 views

Exploit for Code Injection in Crushftp

Exploit Code for CVE-2024-4040 Overview This exploit code t...

10CVSS10AI score0.99539EPSS
Exploits27
GithubExploit
GithubExploit
added 2024/04/29 10:21 a.m.409 views

Exploit for Code Injection in Crushftp

CVE-2024-4040-CrushFTP-server CrushFTP is a proprietary multi...

10CVSS10AI score0.99539EPSS
Exploits22
GithubExploit
GithubExploit
added 2024/04/25 7:51 p.m.497 views

Exploit for Code Injection in Crushftp

CVE-2024-4040 SSTI & LFI PoC - Exploitation | CrushFTP This...

10CVSS9.9AI score0.99539EPSS
Exploits22
GithubExploit
GithubExploit
added 2024/04/25 7:51 p.m.460 views

Exploit for Code Injection in Crushftp

CVE-2024-4040 SSTI & LFI PoC - Exploitation | CrushFTP This...

10CVSS9.9AI score0.99539EPSS
Exploits22
Vulnrichment
Vulnrichment
added 2024/04/22 7:21 p.m.23 views

CVE-2024-4040 Unauthenticated arbitrary file read and remote code execution in CrushFTP

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code...

9.8CVSS8.7AI score0.99539EPSS
Exploits22References7
Cvelist
Cvelist
added 2024/04/22 7:21 p.m.22 views

CVE-2024-4040 Unauthenticated arbitrary file read and remote code execution in CrushFTP

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code...

9.8CVSS10AI score0.99539EPSS
Exploits22References7
CVE
CVE
added 2024/04/22 7:21 p.m.325 views

CVE-2024-4040

CVE-2024-4040 affects CrushFTP prior to 10.7.1 and 11.1.0. Public details describe an unauthenticated server-side template injection that can read files outside the VFS sandbox and may bypass authentication, enabling administrative access and potential remote code execution. Public PoCs and explo...

10CVSS8.7AI score0.99539EPSS
In wildExploits22References8Affected Software1
Rows per page
Query Builder