Overview
- Description
- A server-side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
- Source
- 430a6cef-dc26-47e3-9fa8-52fb7f19644e
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
Known exploits
Data from CISA
- Vulnerability name
- CrushFTP VFS Sandbox Escape Vulnerability
- Exploit added on
- Apr 24, 2024
- Exploit action due
- May 1, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Social media
- Hype score
- Not currently trending
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1922C854-D367-44B7-AEFB-4AEB07679E16",
            "versionEndExcluding": "10.7.1",
            "versionStartIncluding": "10.0.0"
          },
          {
            "criteria": "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EF482D8-4F40-454D-9A92-9D6924C582E2",
            "versionEndExcluding": "11.1.0",
            "versionStartIncluding": "11.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]