admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-06 18:52:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
GobyVuls/CrushFTP_as2-to_Authentication_Permission_bypass_Vulnerability.md

13 lines
1.4 KiB
Markdown
Raw Normal View History

Create CrushFTP_as2-to_Authentication_Permission_bypass_Vulnerability.md
2023-11-30 23:42:03 +08:00
## CrushFTP as2-to Authentication Permission bypass Vulnerability (CVE-2023-43177)
| **Vulnerability** | CrushFTP as2-to Authentication Permission bypass Vulnerability (CVE-2023-43177) |
| :----: | :-----|
| **Chinese name** | CrushFTP as2-to 认证权限绕过漏洞CVE-2023-43177 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [app="crushftp-WebInterface""](https://en.fofa.info/result?qbase64=c2VydmVyPSJDcnVzaEZUUCIgfHwgaGVhZGVyPSIvV2ViSW50ZXJmYWNlL2xvZ2luLmh0bWwiIHx8IGJhbm5lcj0iL1dlYkludGVyZmFjZS9sb2dpbi5odG1sIiB8fCBoZWFkZXI9Ii9XZWJJbnRlcmZhY2UvdzNjL3AzcC54bWwiIHx8IGJhbm5lcj0iL1dlYkludGVyZmFjZS93M2MvcDNwLnhtbCIgfHwgdGl0bGU9IkNydXNoRlRQIg%3D%3D) |
| **Number of assets affected** | 38695 |
| **Description** | CrushFTP is a powerful file transfer server suitable for secure and efficient file transfer and management for individual or enterprise users.CrashFTP has a permission bypass vulnerability, where attackers can bypass system permission control by constructing malicious as2 to request authentication, achieving arbitrary execution of malicious operations such as file read and delete. |
| **Impact** | CrashFTP has a permission bypass vulnerability, where attackers can bypass system permission control by constructing malicious as2 to request authentication, achieving arbitrary execution of malicious operations such as file read and delete. |
![](https://s3.bmp.ovh/imgs/2023/11/30/8d49b65293d87b3a.gif)
Reference in New Issue Copy Permalink