Create CrushFTP_WebInterface_function_File_Read_Vulnerability.md

2025-06-20 01:40:20 +00:00 · 2024-04-26 11:59:27 +08:00 · 2024-04-26 11:59:27 +08:00 · 4b46693ac5
commit 4b46693ac5
parent 901cc6d641
1 changed files with 13 additions and 0 deletions
--- a/CrushFTP_WebInterface_function_File_Read_Vulnerability.md
+++ b/CrushFTP_WebInterface_function_File_Read_Vulnerability.md
@ -0,0 +1,13 @@
+
+## 	CrushFTP /WebInterface/function File Read Vulnerability
+
+|   **Vulnerability**  | CrushFTP /WebInterface/function File Read Vulnerability |
+| :----:   | :-----|
+|  **Chinese name**  |	CrushFTP /WebInterface/function 文件读取漏洞 |
+| **CVSS core**  | 7.7 |
+| **FOFA Query**  (click to view the results directly)| [app="crushftp"](https://en.fofa.info/result?qbase64=c2VydmVyPSJDcnVzaEZUUCIgfHwgaGVhZGVyPSIvV2ViSW50ZXJmYWNlL2xvZ2luLmh0bWwiIHx8IGJhbm5lcj0iL1dlYkludGVyZmFjZS9sb2dpbi5odG1sIiB8fCBoZWFkZXI9Ii9XZWJJbnRlcmZhY2UvdzNjL3AzcC54bWwiIHx8IGJhbm5lcj0iL1dlYkludGVyZmFjZS93M2MvcDNwLnhtbCIgfHwgdGl0bGU9IkNydXNoRlRQIg%3D%3D)|
+| **Number of assets affected**  | 		36803 |
+| **Description**  | CrushFTP is a cross-platform FTP server software that supports FTP, FTPS, SFTP, HTTP, HTTPS and other protocols.There were server-side template injection vulnerabilities before CrushFTP version 10.7.1 and version 11.1.0, which may cause unauthenticated threats to read files from the file system outside the virtual file system (VFS) sandbox, bypass authentication to obtain management access, and Execute the code remotely on the server.|
+| **Impact** | 	There were server-side template injection vulnerabilities before CrushFTP version 10.7.1 and before version 11.1.0, which may cause unauthenticated threats to read files from the file system outside the virtual file system (VFS) sandbox, bypass authentication to obtain administrative access, and remotely execute code on the server.|
+
+![](https://s3.bmp.ovh/imgs/2024/04/26/2b696d3bc719d502.gif)