Vulnerability | CrushFTP /WebInterface/function File Read Vulnerability |
---|---|
Chinese name | CrushFTP /WebInterface/function 文件读取漏洞 |
CVSS score | 7.7 |
FOFA Query | app="crushftp" |
Number of assets affected | 36803 |
Description | CrushFTP is a cross-platform FTP server software that supports FTP, FTPS, SFTP, HTTP, HTTPS and other protocols. Server-side template injection vulnerabilities exist in CrushFTP before version 10.7.1 and version 11.1.0, which may allow unauthenticated attackers to read files from the file system outside the virtual file system (VFS) sandbox, bypass authentication to obtain administrative access, and execute code remotely on the server. |
Impact | Server-side template injection vulnerabilities exist in CrushFTP before version 10.7.1 and before version 11.1.0, which may allow unauthenticated attackers to read files from the file system outside the virtual file system (VFS) sandbox, bypass authentication to obtain administrative access, and remotely execute code on the server. |