Md7 - Security Researcher - Exploit Intelligence Platform

CVE-2024-4040 NOMISEC CRITICAL WORKING POC

CrushFTP <10.7.1-11.1.0 - RCE

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.

5 stars

CVSS 9.8

View Code

CVE-2023-3519 NOMISEC CRITICAL WORKING POC

Unspecified Product <Version> - RCE

Unauthenticated remote code execution

5 stars

CVSS 9.8

View Code

CVE-2024-4040 VULNCHECK_XDB CRITICAL WORKING POC

CrushFTP <10.7.1-11.1.0 - RCE

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.

CVSS 9.8

View Code

CVE-2023-3519 VULNCHECK_XDB CRITICAL WORKING POC

Unspecified Product <Version> - RCE

Unauthenticated remote code execution

CVSS 9.8

View Code