CVE-2024-4040

CVSS 3.1 Score 10.0 of 10 (high)

Details

Published Apr 22, 2024
Updated: Apr 26, 2024
CWE ID 1336
CWE ID 94

Summary

CVE-2024-4040 is a serious vulnerability affecting CrushFTP servers before versions 10.7.1 and 11.1.0. This issue enables unauthenticated attackers to inject templates in the server-side code, leading to file reading outside of the VFS Sandbox. Moreover, attackers can bypass authentication and assume administrative access, ultimately resulting in remote code execution. This vulnerability poses a significant risk to CrushFTP servers, making it crucial for users to upgrade to patched versions as soon as possible.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share