Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day
April 26, 2024 at 10:18AM Over 1,400 vulnerable CrushFTP instances are at risk due to a critical server-side template injection bug (CVE-2024-4040). Attackers can escape the virtual file system (VFS) sandbox, gain admin privileges, and execute code. CrushFTP urges immediate upgrades, warning of exploited vulnerability with potential for data exfiltration. Difficulty in detecting exploitation adds … Read more