Security Advisory

CVE-2024-4040

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-04-22 19:21:46

Last updated 2025-10-21 23:05:20

Assigner directcyber

State PUBLISHED

Description

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.

← Browse all CVEs View on cve.org ↗